WiFi security update
KRAK Attack and Wattwatchers
In October 2017, a serious vulnerability was discovered in the WPA2 security protocol that is used by most WiFi networks. This vulnerability, nicknamed KRAK, allows an attacker to potentially read all traffic sent over a WPA2-secured WiFi network, and to inject malicious traffic into the network in certain cases.
Note that an attacking device needs be within physical range of the WiFi network.
The Wattwatchers WiFi Auditor (2nd generation) uses HTTPS for all energy and control communications. Even if an attacker is able to use the KRAK attack to breach the security of the WPA2 WiFi network, the attacker will not be able to read (or change) the HTTPS traffic, so energy data and control commands will remain confidential and secure.
This post will be updated when and if more information becomes available.