|
The bug affects wpa_supplicant and hostap. The latter most probably isn't used on the Kobo eink readers, but the former is for connecting to wireless LANs. However, the attack mentioned does not in a compromise of the WPA2 passphrase, but instead a single session can be read. For a ebook reader I would guess that its WLAN is off most of the time, and only sporadically switched on for syncing. At least as a temporary user measure this shouldn't be a burden on users. And even if a session gets compromised at the data link level, I fail to see what damage could be done? A firmware download is rare, and then the attacker doesn't get any valuable information I would think. Sending a hacked firmware inband doesn't seem to be really possible, but I might be wrong here. Seeing reading statistics also doesn't strike me as too dangerous unless in those cases where someone doesn't want even Kobo to see them. So the danger of Krack on ebook readers doesn't strike me as even low.
|