What is the KRACK?
In short, an attacker within range of a person logged onto a wireless network could use key reinstallation attacks (KRACK) to bypass WPA2 network security and read information that was previously assumed to be securely encrypted — thereby enabling them to steal sensitive data passing over the network, be it passwords, credit card numbers, chat messages, emails, photos, etc.
To learn more, please see this TechCrunch article.
Is my Rachio affected?
All messages between Rachio products and our servers are encrypted to ensure all user data is secure and not visible to attackers. Our security team is investigating the KRACK vulnerability and will release any updates needed to address the issue. We recommend our users follow guidelines released by the WiFi Alliance and ensure their network equipment is running on the latest software available.
UPDATE: 10/18/17; 9:30a MST
Our Wi-Fi vendors have identified patches for Generation 1 and Generation 2 controllers. The patch will be automatically applied once available; no updates by the user are required. Additional information for the Generation 1 fix is available here.
What can I do to protect myself?
As noted above, we recommend our users follow guidelines released by the WiFi Alliance and ensure their network equipment is running on the latest software available. So you should update all your routers and Wi-Fi devices (laptops, phones, tablets, etc.) with the latest security patches.
To learn more about possible vulnerabilities to your Smart Home, please see this CNET article.
Still have questions?
Please join the conversation on our community.