An Update on KRACK

Update 11/1/17: We have now rolled out an update to all August Doorbell Cams and Doorbell Cam Pros with a patch for KRACK.

News broke that security researchers discovered a flaw named KRACK (Key Replacement Attack) against Wi-Fi WPA2 security protocol. KRACK could allow attackers within physical range of a vulnerable Wi-Fi access point or client device to intercept passwords and other vital personal information. The Verge has an excellent description of the vulnerability here and there have been no reported exploitations of the vulnerability so far.

The first thing August’s security team does when a vulnerability is announced is determine whether or not our customers’ safety is at risk. After evaluating KRACK’s mechanism, we concluded that the security of August Smart Locks are not affected by the KRACK vulnerability because we secure communication between your phone and our servers with SSL, which is not affected by KRACK, and additional security measures. As a result, an intruder could not exploit KRACK to operate an August Smart Lock.

Additionally, we are investigating WPA2 Wi-Fi vulnerabilities for our Wi-Fi devices. We’ll push an over-the-air (OTA) update to your August Connect Wi-Fi Bridge and August Doorbell Cams as quickly as possible, likely in the coming weeks. (Update 11/1/17: We have pushed a fix to all August Doorbell Cams and Doorbell Cam Pros) The updates are automatic so there is no action required for our customers. We will update our customers as we have more information to share.