• State TI Thinks Resolved
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 41 subscribers
  • Views 879 views
  • Users 0 members are here
Support feedback
Options
Options
Similar topics

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

WL1837MOD: Update firmware on WPA2 KRACK problem ?

shigehiro tsuda
Mastermind 9490 points
Part Number: WL1837MOD

Hi,

MCP8.5_SP2 and NLCP8.7_SP3 have been released as a workaround against the WPA2 KRACK problem of WL18xx.
Is it necessary to update FW (wl18xx - fw.bin) as this workaround?
Is it possible to take measures only with the wpa_supplicant of the OS being used or the driver side?

There is a question as to what kind of workaround for minimal modification from customers already mass-produced.
There is our customer's request that they do not want to update the wl18xx firmware they are running now.

Best Regards,
Shigehiro Tsuda

  • 0
    TI__Expert 5285 points

    Hello,

    they must upgrade to the latest FW version.

    therefore they must take either NLCP R8.7SP3 - both supplicant and FW changes.

    or MCP8.5_SP2 - once again it has both supplicant and FW changes

    BR,

    Chen Loewy

  • 0 in reply to Chen Loewy
    Mastermind 9490 points
    Hi Chen,

    Thank you for quick reply.
    Our customers are using windows EC7(embeded compact 7) and can not easily change to support MCP8.5_SP 2.
    Is not it possible to cope with wpa_supplicant's windows EC7 patch alone, and both WL 1837 FW update and driver update are necessary?
    Our customers use wireless clients (STA).
    Will this WPA2 KRACK issue be applicable even in wireless client operation?

    Since it is an important question, please let me know if you know the correspondence of other companies using windows EC7.

    Best Regards,
    Shigehiro Tsuda
  • 0 in reply to Chen Loewy
    Mastermind 9490 points
    Hi Chen,

    We received the following additional information from our customers and we will inform you.
    Windows EC 7 seems to be updating only below as a workaround against the problem of KRACK.
    CVE-2017-13080 | Windows Wireless WPA Group Key Reinstallation Vulnerability
    support.microsoft.com/.../update-rollup-includes-a-security-update-for-windows-embedded-compact

    The release notes for MCP8.5_ SP2 only mentioned KRACK fix.
    Could you tell me which of the following CVE is supported to KRACK fix??
    https://www.krackattacks.com/
    CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
    CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
    CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
    CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
    CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
    CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
    CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
    CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
    CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
    CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.

    Best Regards,
    Shigehiro Tsuda
  • 0 in reply to Chen Loewy
    Mastermind 9490 points

    Hi Chen,

    Thank you for your support.

    Does Wilink's FW include WPA2 processing?

    We got the following information.
    If WPA2 processing is distributed and processed by both FW and OS supplicant, both updates are necessary,
    If WPA2 processing is not being processed by FW, it seems that it can be supported by OS supplicant only update.

    Best Regards,
    Shigehiro Tsuda