In recent weeks a 3rd party global security research team in Belgium has discovered weaknesses in the WPA2 wireless protocol that is used to secure WiFi networks. Successful exploitation of this weakness could give an attacker the ability to decrypt data that was encrypted using the encryption provided by the WPA2 protocol as well as the ability to inject or manipulate data within such data. Additional information on these “KRACK attacks” can be found here: https://www.krackattacks.com
Many of Axon's connected devices and products use WiFi technologies directly or indirectly leverage implementations from underlying host systems. Axon has determined that only Axon Fleet Cameras and in-car routers used in Axon Fleet deployments may be directly vulnerable to KRACK attacks. Axon is in the process of applying patches to Axon Fleet Cameras and has highlighted below agency next steps for applying patches to in-car WiFi routers as well as other devices an agency may use in support of Axon product deployments.
Axon is committed to providing the most trusted and secure platform for our customers and we will continue our rigorous product assessment and vulnerability discovery practices. You can read more about what we have implemented to protect the Axon platform and customer evidence data on our Security pages.
See the timeline below for Axon updates and take manual steps to review your networks WiFi infrastructure and patch the appropriate products.
Timeline and supporting documentation
- Axon supported CradlePoint router patches are currently available. Customers should patch their router per the Cradlepoint instructions here: http://knowledgebase.cradlepoint.com/articles/Support/WPA-and-WPA2-Vulnerabilities-KRACK
- Axon Fleet Cameras updates are scheduled to be deployed by November 30, 2017 . This update will be applied silently and will NOT affect any buffering, recording or evidence gathering.
- Axon Body Camera 2 and Axon Flex 2 updates are scheduled to be deployed in Q1 2018 as an improved mitigation against further attacks. These updates will be applied normally.
Scope & Mitigation
The vulnerability does not affect the security of Evidence.com or your evidence data residing within. In addition to the per Axon product analysis below, Axon recommends as best practice that all devices providing Wi-Fi technologies be patched as soon as patches are made available by manufacturers.
The scope of this weakness is limited to products which utilize WiFi directly or indirectly. Specifically, Axon products that are impacted directly are Axon Fleet Cameras and Routers and indirectly are Axon View, Axon Capture, Axon Body Camera 2 and Axon Flex 2. For the directly impacted products, the router patch allows your networks to remain protected from outside intrusion and the camera patch allows for protection if your network security is compromised. For indirectly impacted products, Axon will be releasing updated firmware in Q1 2018 that further improves security of the device to mitigate impacts to the network or device.
Mitigation should be to patch your WiFi routers as soon as patches are made available from manufacturers. Please consult your WiFi routers manufacturers support page for further information.
Further details and breakdown of Axon product exposure is outlined below: