“KRACK” WiFi Exploit Affects Every WiFi Device Out There
This isn’t good. There’s a exploit that affects any device that uses WiFi and the WPA2 security protocol. Dubbed “KRACK” or Key Reinstallation Attack, it is scary for this reason:
The bug, known as “KRACK” for Key Reinstallation Attack, exposes a fundamental flaw in WPA2, a common protocol used in securing most modern wireless networks. Mathy Vanhoef, a computer security academic, who found the flaw, said the weakness lies in the protocol’s four-way handshake, which securely allows new devices with a pre-shared password to join the network.
That weakness can, at its worst, allow an attacker to decrypt network traffic from a WPA2-enabled device, hijack connections, and inject content into the traffic stream.
In other words: hackers can eavesdrop on your network traffic.
This affects everything from your iPhone to the debit card machine in a restaurant, not to mention IoT devices. That’s not good. Here’s what’s worse. Patches are slowly rolling out now. But it’s an open question as to when a device might get a patch. Assuming that it gets one at all. So you may end up with a device that never gets patched and is at risk for pwnage via this exploit. Hopefully device manufacturers get it in gear and protect their users quickly.
October 16, 2017 at 3:51 pm
[…] running the latest and greatest, or at least the still supported from either Apple or Microsoft. That rather nasty WiFi vulnerability that I told you about this morning has already been fixed. Apple has disclosed via MacRumors that […]
October 31, 2017 at 1:59 pm
[…] first reason is that all these updates have a fix for the rather serious KRACK vulnerability where hackers could exploit a flaw in the WPA2 protocol to decrypt network traffic to sniff out […]
December 13, 2017 at 1:19 pm
[…] a software update waiting. Chances are that you have as Apple has released an update that fixes the KRACK vulnerability in those […]