Providing IoT security is an ongoing effort, not a one-time process. New threats will always emerge. The latest vulnerability to present itself is the Key Reinstallation Attack (KRACK), which exploits a vulnerability in the WPA2 protocols that are commonly used on Wi-Fi networks. The vulnerability allows attackers to intercept and inspect data that was encrypted by the Wi-Fi network.

We have received a number of inquiries from customers looking to better understand what this vulnerability means for their Ayla-enabled devices, so I thought I would take some time to share our findings. Based on our analysis, Ayla-powered services will not be affected. Ayla independently encrypts and authenticates all data between the device, the Ayla Cloud Service, and mobile devices running Ayla-based applications, leveraging a combination of TLS 1.2 and unique device-side keys, regardless of any security provided by the Wi-Fi network. Ayla’s encryption and authentication methods are not vulnerable to the exploit that has been discovered in WPA2.

Ayla-powered services are protected. Attackers leveraging KRACK:

  • Cannot gain unauthorized access to an Ayla-enabled device, the Ayla Cloud Service, or an Ayla-powered mobile application
  • Cannot decrypt any sensitive data between the device, the cloud service, or a mobile device running an Ayla application
  • Cannot control Ayla devices, or obtain any user data or account information
  • Cannot use information from Ayla devices to compromise the Wi-Fi network, or other devices on it

Additionally, Ayla is working with our Wi-Fi chip partners to identify the products which are vulnerable to the KRACK exploit, and will provide recommendations and updated software to help our partners patch this vulnerability as soon as possible. Ayla is dedicated to staying on top of all the latest security technologies, standards, protocols, and best practices to ensure that no matter the type of device, your devices are secure.

Peter Hunt is the Vice President of Device Engineering at Ayla Networks and leads Ayla’s engineering team responsible for Wi-Fi modules, embedded systems, and Linux solutions. For more than 20 years, he has designed and developed network protocols, drivers, and applications. Hunt joined Ayla in 2014 after five years at Silver Spring Networks, where he was director of platform firmware. He also worked at Nokia and Digital Equipment Corp. Hunt holds a bachelor’s degree in computer science from the University of Queensland in St. Lucia, Australia.