
Security Bulletin

Anonymous
Not applicable

Cypress recommended mitigations for KRACK Attacks

See https://www.krackattacks.com/

There are ten related CVEs.

Are mitigating patches in certain WICED versions? Other binaries for us to distribute?

Let us know how we can help.

23 Comments
Anonymous
Not applicable

A user asked this same question of us at Particle in our forum this morning:

KRACK Patch ETA - Firmware - Particle

I referred them to this thread.

0 Likes
MichaelF_56
Moderator

We are discussing internally and someone will respond shortly to the other thread that was created earlier this morning.

Anonymous
Not applicable

Excellent. Thanks. I don't see the other thread, so be sure to give us a link or cross post.

0 Likes
MichaelF_56
Moderator

My mistake. This is the only thread.

Anonymous
Not applicable

No worries. Looking forward to the response.

MichaelF_56
Moderator
AxLi_1746341
Honored Contributor

Hi mifo

I found that CYW4390 is not included in the WPA2-KRACK-HACK-statement pdf file.

Can you share the impact of CYW4390 on WPA2-KRACK-HACK issue? (or update the pdf file to include CYW4390)

I ask this because we started getting such questions from some customers today.

Given the wlan-firmware and the BESL library are all closed source, we really don't know the status.

Note, I understand CYW4390 is no longer supported in the latest SDK.

However, we still have a lot of inventory of products using this chip.

And I believe some other WICED partners like LSR, damonsys, etc. also use this chip and will want to know the status.

I'm totally fine to use SPDF system to get the support, but we really need to know the impact first.

Please let us know if Cypress can support the fix if necessary.

Can you help?

Thanks,

Axel

0 Likes
MichaelF_56
Moderator

We are checking to see if the 4390 FW is susceptible to the Group 1 attacks or not. 

0 Likes
AxLi_1746341
Honored Contributor

mifo wrote:

We are checking to see if the 4390 FW is susceptible to the Group 1 attacks or not. 

Any update?

0 Likes
MichaelF_56
Moderator

Internal discussions continue. Many module partners offer 4390 based modules, so this will happen.

0 Likes
Anonymous
Not applicable

Thanks much for the ping. FYI, we use a 43362 module, so we're waiting on the WICED Studio releases. The Particle community appreciates the quick and helpful Cypress response.

0 Likes
AxLi_1746341
Honored Contributor

mifo wrote:

Internal discussions continue. Many module partners offer 4390 based modules, so this will happen.

Given the fact that Cypress finished the KRACK attacks report for multiple platforms in a few hours, it seems an unreasonable delay to tell if the 4390 is impacted by Group 1 attacks or not.

I have had a couple of emails regarding KRACK attacks on hold on my side since last week because we don't know the impact so far. Any chance to update the status for 4390?

0 Likes
MichaelF_56
Moderator

I will continue to escalate the 4390 internally with the engineering management team. 

0 Likes
MichaelF_56
Moderator

Which FW version are you using?

0 Likes
AxLi_1746341
Honored Contributor

mifo wrote:

Which FW version are you using?

We have 4390 products shipped with SDK-3.1.2 and SDK-3.7.0-7.

0 Likes
MichaelF_56
Moderator

The WLAN firmware version is printed out on the terminal upon reset.

[Attached image: firmware_version.PNG]

0 Likes
AxLi_1746341
Honored Contributor

Here is my WLAN Firmware version:

WLAN Firmware : wl0: Jul 20 2015 15:15:25 version 6.38.15.14 (r572567)

Anonymous
Not applicable

For those following this thread, WICED Studio 6.0.0 has been released.

AxLi_1746341
Honored Contributor

mifo

Can you update the status for 4390?

Also, please provide the estimated time to deliver the fix.

0 Likes
MichaelF_56
Moderator

Asking for an update internally.

I did confirm today that testing has been done and that the 4390 isn’t vulnerable to the group 1 attacks.

We are working with the module partners (IoT Solutions Guide) to figure out how to deploy a patch to them for their 4390-based modules.

Which module partner module are you using?  It may make sense to ask them to reach out to us as well.

0 Likes
AxLi_1746341
Honored Contributor

mifo wrote:

Which module partner module are you using?  It may make sense to ask them to reach out to us as well.

Thanks, we use SPIL N03.

0 Likes
AxLi_1746341
Honored Contributor

mifo wrote:

Asking for an update internally.

I did confirm today that testing has been done and that the 4390 isn’t vulnerable to the group 1 attacks.

We are working with the module partners (IoT Solutions Guide) to figure out how to deploy a patch to them for their 4390-based modules.

I think the best way to deliver the fix is to just post it on the forum.

(Just like you did for other platforms)

If you want to send the fix via the MyCases system, I have MyCases (00381316) for the 4390 KRACK attacks issue.

0 Likes