Security Advisory Release Date: November 1st, 2017 Vulnerability Identifier: AXON-1701
In recent weeks a 3rd party global security research team in Belgium has discovered weaknesses in the WPA2 wireless protocol that is used to secure WiFi networks. Successful exploitation of this weakness could give an attacker the ability to decrypt data that was encrypted using the encryption provided by the WPA2 protocol as well as the ability to inject or manipulate data within such data. Additional information on these “KRACK attacks” can be found here: https://www.krackattacks.com
Many of Axon's connected devices and products use WiFi technologies directly or indirectly leverage implementations from underlying host systems. Axon has determined that only Axon Fleet Cameras and in-car routers used in Axon Fleet deployments may be directly vulnerable to KRACK attacks. Axon is in the process of applying patches to Axon Fleet Cameras and has highlighted below agency next steps for applying patches to in-car WiFi routers as well as other devices an agency may use in support of Axon product deployments.
Axon is committed to providing the most trusted and secure platform for our customers and we will continue our rigorous product assessment and vulnerability discovery practices. You can read more about what we have implemented to protect the Axon platform and customer evidence data on our Security pages.
See the timeline below for Axon updates and take manual steps to review your networks WiFi infrastructure and patch the appropriate products.
Axon supported CradlePoint router patches are currently available. Customers should patch their router per the Cradlepoint instructions here: http://knowledgebase.cradlepoint.com/articles/Support/WPA-and-WPA2-Vulnerabilities-KRACK
Axon Fleet Cameras updates are scheduled to be deployed by November 30, 2017 . This update will be applied silently and will NOT affect any buffering, recording or evidence gathering.
Axon Body Camera 2 and Axon Flex 2 updates are scheduled to be deployed in Q1 2018 as an improved mitigation against further attacks. These updates will be applied normally.
The vulnerability does not affect the security of Evidence.com or your evidence data residing within. In addition to the per Axon product analysis below, Axon recommends as best practice that all devices providing Wi-Fi technologies be patched as soon as patches are made available by manufacturers.
The scope of this weakness is limited to products which utilize WiFi directly or indirectly. Specifically, Axon products that are impacted directly are Axon Fleet Cameras and Routers and indirectly are Axon View, Axon Capture, Axon Body Camera 2 and Axon Flex 2. For the directly impacted products, the router patch allows your networks to remain protected from outside intrusion and the camera patch allows for protection if your network security is compromised. For indirectly impacted products, Axon will be releasing updated firmware in Q1 2018 that further improves security of the device to mitigate impacts to the network or device.
Mitigation should be to patch your WiFi routers as soon as patches are made available from manufacturers. Please consult your WiFi routers manufacturers support page for further information.
Further details and breakdown of Axon product exposure is outlined below:
[1] Microsoft Security Advisory https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080
[2] Cradlepoint Knowledge Base https://customer.cradlepoint.com/s/Knowledge
CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
Axon recommends as best practice that any Wi-Fi technologies used to support Axon product connectivity should be patched as soon as patches are made available by manufacturers.
1) PATCH MOBILE DEVICES AND OPERATING SYSTEMS
Patch updates for KRACK issues are being released for all types of mobile devices, we encourage everyone to ensure their devices are updated. Here is a good list of specific devices and information about patches:
https://www.bleepingcomputer.com/news/security/list-of-firmware-and-driver-updates-for-krack-wpa2-vulnerability/
2) PATCH IN-CAR ROUTERS
NOTE: This is not an exhaustive list of in-car routers. Please coordinate with your system administrators to ensure appropriate patching of in-car routers.
[1] Calamp Fusion Router
[2] Cradlepoint IBR1100 Router
[3] Cradlepoint Knowledgebase - WPA and WPA2 KRACK Vulnerabilities
[4] Cradlepoint IBR900 Router
[5] Digi Transport WR44 Router
[6] Pepwave DCS RUG Router
[7] Pepwave KRACK Firmware Fix
[8] Pepwave Surf on the Go
[9] Pepwave KRACK Firmware Fix
[10] Sierra Wireless Airlink MP70 Router
[11] Sierra Wireless Airlink MG90 Router
[12]Sierra Wireless InMotion OMG Series