The KRACK vulnerability discovered in the WiFi WPA2 protocol is one of the most serious security flaws we’ve encountered in the past few years. The worst part is that it will take a long time before everyone is safe again.
To recap: security researchers discovered an exploit called KRACK, short for Key Reinstallation AttaCK, which works off a weakness in the code behind WPA2, the protocol that secures wireless connections. An attacker could use this vulnerability to listen in on all your conversations and pick up unencrypted data from your devices as you browse the Internet. Some safety checks are in place, especially since browsers set up separate secure connections that don’t rely on WPA2; plus, if you’re browsing HTTPS pages, your conversations are still safe.
In order to keep yourself and your cyber secrets safe from prying eyes, it’s important, as always, to keep your devices updated to the latest security patches. Vendors have already begun releasing these updates, while others have them scheduled. The difficulty of rounding up security around your devices is that it requires multiple updates – your computer, smartphone, router, WiFi devices. We’re not even going to mention all those IoT devices that have an Internet connection, which will only get an update if their main job is to connect to the Internet, like a home assistant, for instance.
You can read more about KRACK and the dangers of this new vulnerability here.
Either way, we thought we’d walk you through some of the companies that have released a security update and those that are planning to do so in the weeks that come.
First off, Microsoft has already released a security update on October 10th for this vulnerability. “We updated to protect customers as soon as possible, but as a responsible industry partner, we withheld disclosure until other vendors could develop and release updates,” the company said. Ubuntu, Debian, and Linux have also been patched already, but that was to be expected given their quick response time in such cases.
Apple has already released a fix in beta for iOS, macOS, watchOS, and tvOS, but it is only getting rolled out in a software update in the coming weeks. Until then, if you really want to, you can still install the beta OS versions, but there might be bugs you won’t like, as with any software that’s in this stage of development.
Google announced it will release an Android update for the affected devices in the coming weeks, too. Given how the researchers pointed out that Android devices are extremely vulnerable to this type of attack, there’s a certain sense of urgency here. Hopefully, the vendors will also recognize this same issue and help push the updates to the devices without delay. Google Chromecast, Home and WiFi will also receive updates in the weeks that come. No word on when Chromebooks will get theirs, but it shouldn’t be too far behind.
Samsung has announced that they too are working on rolling out patches to smartphones in the coming weeks, but there’s no news about whether TVs and appliances are getting an update too. LG’s smartphones will also receive an update soon, as the company is working with Google to address the problem plaguing Android.
Router makers Linksys, Netgear, and D-Link are also working on the issue. D-Link, for instance, said it is working with chipset manufacturers and as soon as patches are received and validated, the updates will be posted.
Intel is working on firmware and software updates to address the vulnerability, but AMD has yet to comment.
CERT has a full list of companies that have and have not been affected by the WPA2 issue and notes if they’ve each released an update yet or not.