It’s worth mentioning that all Particle devices maintain a secure and encrypted session that does not rely on the security of the Wi-Fi network. We’re definitely going to patch quickly and often, as always, but we expect a Particle device to be secure on a totally unsecured WiFi network, so a compromised WPA2 network isn’t a threat.
Cypress has responded (Cypress community login required).
We use a 43362 module and are vulnerable to “group 2” of the CVEs (CVE-2017-13080, CVE-2017-13081). By the end of October, Cypress will release the following WICED Studio versions that will address these CVEs:
As soon as we get those versions of WICED Studio, we’ll release system firmware versions with the patches. At that point, all of you can build your apps with those new system firmware versions, and all will be well.
Status update — for those of you who have cloned the firmware repo and set up the toolchain to build locally, the KRACK fixes from Cypress have been incorporated into 3 firmware branches:
Building and flashing all modules (system and app) on these branches will give you a device that is resistant to KRACK. Please don’t do this for production deployments.
The process now begins to cut releases with these changes: 0.5.5, 0.6.3, 0.7.0-rc.4. The firmware release process typically takes days or weeks of QA to ensure compatibility with a lot of sensors and products, depending on what surprise issues arise. We’ll update this thread again when the releases are out.