Yesterday, security researchers announced that the WPA2 Wi-Fi security protocol had been breached by an exploit dubbed KRACK, affecting almost all Wi-Fi devices.
One of the researchers who discovered the exploit, Mathy Vanhoef, explained, “Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on.”
Researchers note the exploit is particularly dangerous for Linux users and Android users on 6.0 software or higher (41%), because “Android and Linux can be tricked into (re)installing an all-zero encryption key.”
Apple has confirmed to me that the KRACK exploit has already been patched in iOS, tvOS, watchOS, and macOS betas.
Ritchie also says, “it’s my understanding that Apple’s AirPorts, including Express, Extreme, and Time Capsule don’t seem to be vulnerable to the exploit, even if using one as a bridge.”
Expect the latest fixes from Apple to be released to the public in a few weeks, which may seem like an eternity for those who seek security when connected to Wi-Fi.
Microsoft said it already released Windows updates to fix KRACK on October 10th, but told The Verge it “withheld disclosure until other vendors could develop and release updates.”
How can you protect yourself from KRACK if you’re paranoid? Use an Ethernet connection to connect to the web and stay off devices that do not have Wi-Fi software patches yet.
Stay tuned as more hardware vendors release updates for this WPA2 Wi-Fi exploit.