Mimosa Devices & KRACK Vulnerability


#1

Hi, following the WPA/WPA2 vulnerability found some days ago I was wondering how Mimosa is dealing with it.

Are Mimosa devices affected? Are we gonna get a fix? ETA?

Thank you.


#2

I know in 2 other threads that a DavidD replied “We are looking into this, and will provide updates on this thread.”

I have subscribed to both threads in hopes to hear about the solution as soon as possible.



#3

The WPA 2 vulnerability known as KRACK is a vulnerability to all Wifi networks that use WPA 2 to protect data transmitted over Wifi connected devices. The vulnerability exploits the 4-way handshake used by the WPA2 protocol by manipulating and replaying the handshake messages between access point and station (client).

Mimosa is actively working on a solution with our technology suppliers to fix this industry wide vulnerability, and anticipate providing a patch release for our A, B and C series products in approximately 2 weeks.

We understand the concerns surrounding this vulnerability, but also want to provide information regarding its applicability to deployed Mimosa equipment. The KRACK vulnerability impacts Wi-Fi stations or clients, not Wi-Fi access points. Mimosa point to point products, and point to multipoint running in SRS mode, while susceptible to KRACK at the station/client side, gain additional protection from the proprietary nature of the proprietary TDMA protocol which a hacker additionally would need to deconstruct to view any unsecured transferred internet traffic. If possible, until a fix exists, we recommend using TDMA on point to multipoint systems instead of the Wi-Fi interop (CSMA) mode.


#4

I like many will be dropping any devices on my network and making considerations about working with companies that do not already have or soon have firmware types updates to fix this problem. In my case my deadline I’ve chosen is by the end of the business day PST Friday, November 3rd. I’m hoping to see that Mimosa either has a fix for the vulnerability or if they are aware of legal issues regarding it’s intentional design into all commodity based WiFi chip sets used in and indoor or modified outdoor setting they have written public notices to consider as that does seem likely given the reality of the design of KRACK as it’s does not seem to be legally a design flaw type bug.