KRACK vulnerability?

[skatsikeas]

Is the WiFi101 library of Arduino vulnerable to the KRACK vulnerability? If yes, do we have an ETA for the patch?

Thank you

[cmaglie]

Microchip has released a patch today, an upgrade is coming...

http://www.microchip.com/design-centers/wireless-connectivity/embedded-wi-fi/wpa2-protocol-vulnerability

[sandeepmistry]

The link above doesn't actually contain an updated firmware binary, I've contacted Microchip support for clarification on where the new firmware binary can be downloaded from.

[per1234]

Shouldn't this discussion be moved to arduino-libraries/WiFi101#194?

[kbumsik]

Hi, I came from the WiFi101 library issue: arduino-libraries/WiFi101#194.
@per1234 Thank you for mentioning my post. I could have just wait without seeing this discussion.
@sandeepmistry you probably missed it. The link above does actually provides the link to download the binary m2m_aio_3a0.bin and documents on how to update it as well. Click "WINC15x0 Firmware Update and WPA2 Fix" in the above link page or download it directly here: http://ww1.microchip.com/downloads/en/DeviceDoc/WINC1500%20Firmware%20Update%20and%20WPA2%20Fix.zip

[facchinm]

@kbumsik the zip doesn't actually provide a link to the binary, but only three documents explaining how to update. I just checked and updated every bit of Atmel Studio but the bundled firmware is still 19.5.2. Do you have any direct link by any chance?

edit: this is that latest ASF version available publicly (3.34.1)

FirmwareUpdate to 19.5.4 using fw_update_example v1.1.pdf contains a screenshot showing version 3.35.1

[kbumsik]

@facchinm That is weird. The zip should contain two binary files and three documents. Maybe the binary files was ignored by antivirus?

FirmwareUpdate to 19.5.4 using fw_update_example v1.1.pdf explains you still can create the old firmware update project (the ASF indeed has not updated since the KRACK report yet). After you create the project, there will be the old binary file src/firmware/firmware/m2m_aio_3a0.bin in the project directory. You can replace it with the new binary file with the same name in the zip.

[facchinm]

This is SUPER weird; the zip I downloaded only contains the pdfs (the md5 is 17a65ed946a06ee0aec9f9b1208e7239 WINC1500 Firmware Update and WPA2 Fix.zip ).
Could you attach the bin here? Thanks!

[kbumsik]

The md5 is different; mine is 394A8045E06A189BA806D710AF2493BC. It is very weird indeed...You may download it again. Maybe Microchip changed it silently??
Anyway, I upload my zip file here.
WINC1500 Firmware Update and WPA2 Fix.zip

[sandeepmistry]

A PR build of the IDE with a new WiFi101 firmware updater can be found here for those wanting to try it out and provide their feedback: #6840 (comment)

[cmaglie]

The update is now available on the hourly build, and it will be released with IDE 1.8.6.