KRAK Attack and Wattwatchers

Background

In October 2017, a serious vulnerability was discovered in the WPA2 security protocol that is used by most WiFi networks. This vulnerability, nicknamed KRAK, allows an attacker to potentially read all traffic sent over a WPA2-secured WiFi network, and to inject malicious traffic into the network in certain cases.

Note that an attacking device needs be within physical range of the WiFi network.

Wattwatchers

The Wattwatchers WiFi Auditor (2nd generation) uses HTTPS for all energy and control communications. Even if an attacker is able to use the KRAK attack to breach the security of the WPA2 WiFi network, the attacker will not be able to read (or change) the HTTPS traffic, so energy data and control commands will remain confidential and secure.

Updates

This post will be updated when and if more information becomes available.

Reference

https://www.krackattacks.com/