Key Reinstallation Attacks Breaking WPA2 by forcing nonce reuse


Mimosa Devices & KRACK Vulnerability

We are looking into this, and will provide updates on this thread.


The WPA 2 vulnerability known as KRACK is a vulnerability to all Wifi networks that use WPA 2 to protect data transmitted over Wifi connected devices. The vulnerability exploits the 4-way handshake used by the WPA2 protocol by manipulating and replaying the handshake messages between access point and station (client).

Mimosa is actively working on a solution with our technology suppliers to fix this industry wide vulnerability, and anticipate providing a patch release for our A, B and C series products in approximately 2 weeks.

We understand the concerns surrounding this vulnerability, but also want to provide information regarding its applicability to deployed Mimosa equipment. The KRACK vulnerability impacts Wi-Fi stations or clients, not Wi-Fi access points. Mimosa point to point products, and point to multipoint running in SRS mode, while susceptible to KRACK at the station/client side, gain additional protection from the proprietary nature of the proprietary TDMA protocol which a hacker additionally would need to deconstruct to view any unsecured transferred internet traffic. If possible, until a fix exists, we recommend using TDMA on point to multipoint systems instead of the Wi-Fi interop (CSMA) mode.