KRACK’s range of affected device includes Windows, Apple, Android, Linux, and so on. Indeed, a sense of satisfaction can be developed as the Krack attack isn’t that easy to implement even though it causes a threat to a large number of devices. And it isn’t that easy to fix either because it exploits a fundamental loophole in the way WPA2 key reinstallation occurs.
A good news for Windows users that they don’t need to worry. Microsoft has already issued a security patch related to KRACK attack as a part of the Patch Tuesday update on October 10.
“Microsoft released security updates on October 10, 2017, as part of Update Tuesday to resolve this vulnerability in all affected editions of Windows,” the company said in an advisory.
“Customers who have Windows Update enabled and who applied the latest security updates are protected automatically. The Security Update Guide was updated on October 16, 2017, to provide full disclosure on this vulnerability in accordance with a multi-vendor coordinated disclosure.”
But Microsoft isn’t the first in line to address the issue. OpenBSD released a security patch way back in July. Also, as seen on Charged, a security patch is now available for Linux. Debian systems can be updated with the same. Also, security patches for Ubuntu 14.04 and above are out now. The same for Gentoo are also available.
Regarding Android devices, which the KRACK is assumed to hit the hardest, Google will be pushing a security update in the coming weeks. It’s very likely that Pixel and Nexus devices would be the first recipients. And thanks to the slow update process in the Android ecosystem, other manufacturers might follow soon.
According to CNET, the networking hardware makers Belkin-owned Linksys and Wemo said that they aware of the recently known security exploit and any information will be updated on their security advisory page. Netgear is also aware of the Krack attack; their security advisory details the list of affected devices and the method to update the firmware.
Apple is also testing security updates for macOS, iOS, watchOS, and tvOS in their beta versions. Intel has also addressed the issue in an advisory and released updated WiFi drivers for their affected chips.
WiFi Alliance, which certifies WiFi devices, has released a vulnerability detection tool for its members and said it requires testing for this vulnerability within their global certification lab network, ZDNet reports.
Other than smartphones and computers, you should take measures to update your other WiFi-enabled devices including routers, printers, televisions, refrigerators, etc. Because, who knows, someone might be preparing a sophisticated attack.
What are your views on the latest WiFi vulnerability? Drop your thoughts in the comments.