KRACK Vulnerability Makes Wi-Fi WPA2 Protocol Hacking Possible
As reported, Ars Technica Key Reinstallation Attacks—or KRACK—lets attackers intercept data between your device and a WiFi router including emails, passwords, personal information and anything else you’d transmit over the supposedly secure WPA2 connection.
There haven’t been any reported cases of this vulnerability being exploited on a widespread basis. That being said, the vulnerability does exist.
KRACK vulnerabilities affect all devices that use WPA2, regardless of the platform. This includes Windows, macOS, tvOS, Android, iOS, and Linux devices. Your computers, tablets, laptops, smartphones, internet-of-things devices, streaming set-top boxes, etc. The vulnerability is focused on the clients and not the routers.
Attackers must be within WiFi range. This is the next best news. This isn’t something that’s going to infect you over the internet or from a shady email link. An attacker has to be within physical WiFi range to exploit the vulnerability. This means parked outside your house, camped out in your company’s server room, or sitting next to you in a coffee shop.
Microsoft’s October 10 Windows 10 cumulative update included a fix for the KRACK vulnerability.
The first point update to iOS 11 for the iPhone, iPod Touch, and iPad fixes the KRACK vulnerability.
Linux and Android devices remain vulnerable, install software updates for your Android and Linux devices soon as they are available.
WPA2 is a protocol between your device and your wireless router. WiFi routers will need firmware updates to fix this issue. Developers are working on these fixes, but few if any are available right now. You can check for firmware updates on your router’s setup page.