“KRACK” WiFi Exploit Affects Every WiFi Device Out There

This isn’t good. There’s a exploit that affects any device that uses WiFi and the WPA2 security protocol. Dubbed “KRACK” or Key Reinstallation Attack, it is scary for this reason:

The bug, known as “KRACK” for Key Reinstallation Attack, exposes a fundamental flaw in WPA2, a common protocol used in securing most modern wireless networks. Mathy Vanhoef, a computer security academic, who found the flaw, said the weakness lies in the protocol’s four-way handshake, which securely allows new devices with a pre-shared password to join the network.

That weakness can, at its worst, allow an attacker to decrypt network traffic from a WPA2-enabled device, hijack connections, and inject content into the traffic stream.

In other words: hackers can eavesdrop on your network traffic.

This affects everything from your iPhone to the debit card machine in a restaurant, not to mention IoT devices. That’s not good. Here’s what’s worse. Patches are slowly rolling out now. But it’s an open question as to when a device might get a patch. Assuming that it gets one at all. So you may end up with a device that never gets patched and is at risk for pwnage via this exploit. Hopefully device manufacturers get it in gear and protect their users quickly.


3 Responses to ““KRACK” WiFi Exploit Affects Every WiFi Device Out There”

  1. […] running the latest and greatest, or at least the still supported from either Apple or Microsoft. That rather nasty WiFi vulnerability that I told you about this morning has already been fixed. Apple has disclosed via MacRumors that […]

  2. […] first reason is that all these updates have a fix for the rather serious KRACK vulnerability where hackers could exploit a flaw in the WPA2 protocol to decrypt network traffic to sniff out […]

  3. […] a software update waiting. Chances are that you have as Apple has released an update that fixes the KRACK vulnerability in those […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: