REGARDING THE SECURITY VULNERABILITY KNOWN AS ‘KRACK'

November 2, 2017

Dear Portal Owners,

An automatic software upgrade (version 1.2.208) has been released to eliminate the 'KRACK" vulnerability in Portal mesh systems. Single Portal systems have not been vulnerable. The automatic software update occurred at 2am local time.  We apologize for any interruption in operation during the update. 

While the update removes the vulnerability to Portal, 'KRACK' can still affect your client devices.  We recommend that you update your clients to the latest software revisions and continue to be diligent with your client's virus protection.

The team continues to work to make Portal among the most secure routers. However, when vulnerabilities are discovered we will provide automatic updates as soon as possible.

Best regards,

Terry

Co-Founder & CEO

____________________________________________________________________________________

October 16, 2017
REGARDING THE SECURITY VULNERABILITY KNOWN AS ‘KRACK’

Dear Portal Owners,

You may have become aware of a recently discovered vulnerability in WiFi networks using WPA2
encryption that can allow unauthorized users access to your WiFi network and data traffic. This is being
referred to as KRACK (for Keyed Reinstallation Attack ).

This is an industry-wide vulnerability impacting many WiFi products; primarily client devices that access
WiFi (such as smartphones, PCs, etc.), but also many mesh-routers like Portal. While no attacks have
been reported, we consider security threats with the highest concern and want to update you on how
this may affect your Portal WiFi router.

Portal WiFi Routers can be used in two ways: (1) as a single, standalone WiFi router or (2) in combination
with two Portal routers as part of a mesh WiFi system.

Your network is NOT vulnerable to this attack if you use only one Portal (as a standalone WiFi
router) or you have multiple Portal routers which are ALL connected by ethernet cables (a
non-mesh system).

Your network MAY BE affected if you are using more than one Portal connected wirelessly (in a
mesh WiFi system).

However, it is important to understand that KRACK has specific conditions for risk. For example, the attacker has to be within the range of your WiFi network. They can only eavesdrop on unsecured traffic and
only if they have they have the right tools … it isn’t easy. They cannot obtain your WiFi password, and in
the case of Portal WiFi routers, the attacker cannot inject packets to alter your traffic. In other words, you
cannot be attacked from miles away, your Portal cannot be hijacked, and if you are using SSL and HTTPS security protocols, as most banking websites and secure payment sites do, your data remains safe.

We have identified a patch to correct this vulnerability and are working to release a new version of the
firmware within a week or so, after compliance testing. The firmware calendar link appears below.

If you are still concerned and would like to eliminate exposure, we recommend disabling mesh and using
Portal in single, standalone mode until we issue the new firmware patch. To do this, simply unplug the
power cord of your second Portal router (the one not directly connected to your modem.)

It is also important to remember that KRACK can affect WiFi devices like computers, phones, and tablets.
We recommend updating your devices to the latest firmware and/or operating system versions when
manufacturers make them available.

We are doing everything we can to address this issue for our mesh users as swiftly as we can. If you have any concerns, please reach out to us on Twitter @GetPortalNow or visit our support site.
The security of our users is our number one priority.

Terry

Co-Founder & CEO