Thread: WPA2 KRACK: Kobo official response?
View Single Post
Old 11-06-2017, 05:25 AM   #19
Robik
Junior Member
Robik has much to be proud ofRobik has much to be proud ofRobik has much to be proud ofRobik has much to be proud ofRobik has much to be proud ofRobik has much to be proud ofRobik has much to be proud ofRobik has much to be proud ofRobik has much to be proud ofRobik has much to be proud ofRobik has much to be proud of
 
Posts: 7
Karma: 27948
Join Date: Apr 2016
Device: Kobo Aura H2O
Quote:
Originally Posted by eenk View Post
The bug affects wpa_supplicant and hostap. The latter most probably isn't used on the Kobo eink readers, but the former is for connecting to wireless LANs. However, the attack mentioned does not in a compromise of the WPA2 passphrase, but instead a single session can be read. For a ebook reader I would guess that its WLAN is off most of the time, and only sporadically switched on for syncing. At least as a temporary user measure this shouldn't be a burden on users. And even if a session gets compromised at the data link level, I fail to see what damage could be done? A firmware download is rare, and then the attacker doesn't get any valuable information I would think. Sending a hacked firmware inband doesn't seem to be really possible, but I might be wrong here. Seeing reading statistics also doesn't strike me as too dangerous unless in those cases where someone doesn't want even Kobo to see them. So the danger of Krack on ebook readers doesn't strike me as even low.
Connections to kobo.com -> https. You can't see nothing.
You can see only http connections from web browser.
Robik is offline   Reply With Quote