A major Wi-Fi vulnerability has been announced that affects every single device that supports Wi-Fi.
The Wi-Fi vulnerability called “KRACK”, is short for Key Reinstallation Attacks and it works against all modern protected Wi-Fi networks.
An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, etc.
Android, Linux, Apple, Microsoft Windows, Linksys and more, are known to be affected by this at this time. The list of affected vendors includes Amazon, Cisco and Netgear and many many more. They should be releasing patches to fix this issue in the coming days.
Good news for Apple users as the ‘KRACK’ Wi-Fi Vulnerabilities are already patched in iOS, macOS, watchOS, and tvOS Betas, and are currently available to developers – they will be rolling out to consumers soon. Click here for more details
And Google says it will patch its Android gadgets in “the coming weeks.” Click here for more details
What can you do in the meantime?
- Consult your IT provider for any specific information pertaining to your IT environment.
- Until further notice, be wary of using public Wi-Fi networks in coffee shops etc., as you’re more likely to run into this attack on a public network.
- Stick to HTTPS so your web browsing is encrypted even if it travels over an unencrypted connection.
- Consider using a VPN (Virtual Private Network), which means that all your network traffic (not just your web browsing) is encrypted, from your laptop or mobile device to your home or work network, even if it travels over an unencrypted connection along the way.
- Apply KRACK patches for your devices (and access points) as soon as they are available.
- Also know that a KRACK is mostly a local vulnerability, and that attackers need to be within range of a wireless network.