Archive for KRACK

Microsoft And Apple Have Already Patched “KRACK” Vulnerabilities

Posted in Commentary on October 16, 2017 by itnerd

Good news for those who are running the latest and greatest, or at least a still-supported operating system, from either Apple or Microsoft. That rather nasty WiFi vulnerability that I told you about this morning has already been fixed. Apple has disclosed via MacRumors that upcoming updates of iOS, macOS, tvOS, and watchOS will have the fixes on board. Microsoft has told The Verge that if you are running a supported operating system and you installed the patches that came out on October 10th, you’re good to go.

Now that’s great for Apple and Microsoft users. But Android users will have to wait weeks for a patch. Maybe months depending on whose phone you own. And what happens to those who own IoT devices, WiFi routers, etc.? It’s anyone’s guess if or when they’ll be patched. That means that this will be a problem for some time to come.

“KRACK” WiFi Exploit Affects Every WiFi Device Out There

Posted in Commentary on October 16, 2017 by itnerd

This isn’t good. There’s an exploit that affects any device that uses WiFi and the WPA2 security protocol. Dubbed “KRACK” or Key Reinstallation Attack, it is scary for this reason:

The bug, known as “KRACK” for Key Reinstallation Attack, exposes a fundamental flaw in WPA2, a common protocol used in securing most modern wireless networks. Mathy Vanhoef, a computer security academic, who found the flaw, said the weakness lies in the protocol’s four-way handshake, which securely allows new devices with a pre-shared password to join the network.

That weakness can, at its worst, allow an attacker to decrypt network traffic from a WPA2-enabled device, hijack connections, and inject content into the traffic stream.

In other words: hackers can eavesdrop on your network traffic.

This affects everything from your iPhone to the debit card machine in a restaurant, not to mention IoT devices. That’s not good. Here’s what’s worse. Patches are slowly rolling out now. But it’s an open question as to when a device might get a patch. Assuming that it gets one at all. So you may end up with a device that never gets patched and is at risk for pwnage via this exploit. Hopefully device manufacturers get it in gear and protect their users quickly.