Espressif Releases Patches for WiFi Vulnerabilities (CERT VU#228519)

Shanghai
Oct 16, 2017

Several critical key-management vulnerabilities in the WPA2 security protocol have been discovered. Espressif is hereby releasing patches for these vulnerabilities.

The recently discovered vulnerabilities in the Wi-Fi Protected Access II protocol (WPA2) are of critical security level. These vulnerabilities, also known as KRACK (Key Reinstallation Attack), allow users' internet connections to be hijacked or eavesdropped, while malicious packet injections may also occur.

These vulnerabilities were specified in detail by the United States' Computer Emergency Readiness Team in CERT VU#228519, a note that was originally released on October 16th, 2017. The following CVE IDs have been assigned to document the above-mentioned vulnerabilities in the WPA2 protocol: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087 and CVE-2017-13088.

These vulnerabilities affected the ESP8266 WiFi support and the ESP32 ESP-IDF WiFi support, including released versions v1.0, v2.0 and v2.1. However, Espressif has already fixed them in the following ESP-IDF and ESP8266 versions:

release/v2.1 (ESP-IDF) branch, since commit b6c91ce088ef64bd5b96a5af04885040b42b1816; it will appear in the forthcoming V2.1.1 release.
master branch (ESP-IDF), since commit 904d6c8f2b01de52597b9e16dad19c78ade9e586; it will appear in the forthcoming V3.0 release.
ESP8266 RTOS (ESP8266) master branch, since commit 2fab9e23d779cdd6e5900b8ba2b588e30d9b08c4.
ESP8266 NON-OS (ESP8266) master branch, since commit b762ea222ee94b9ffc5e040f4bf78dd8ba4db596.

Additionally, Arduino ESP32 has been updated accordingly and the relevant link can be found here. Therefore, all Espressif chipset users are strongly encouraged to upgrade their systems as soon as possible.

Many thanks to IT security researcher Mathy Vanhoef, who is a member of the imec-DistriNet group at KU Leuven University, for reporting this issue in the first place. You can find more information about his work on these vulnerabilities here.