Ever since security researcher Mathy Vanhoef publicly disclosed a serious vulnerability in the WPA2 encryption protocol, tech companies have been on their toes to fix the issue at hand. The new exploit, as first reported by Ars Technica, is called KRACK that takes advantage of vulnerabilities in Wi-Fi security to let attackers eavesdrop on traffic between computers and wireless access points.
According to Vanhoef, major operating systems are vulnerable to the Key Reinstallation Attack, including Android, iOS, Linux, macOS, Windows , and iOS, but it varies from platform to platform. The most vulnerable platforms are Android and Linux.
The researchers also noted that 41 percent of all Android devices are vulnerable to an “exceptionally devastating” variant of the Wi-Fi attack. All Wi-Fi devices are to some degree susceptible to the vulnerabilities making them ripe for data theft or ransomware code injection from any malicious attacker within range.
What you need to do?
To protect yourself from a possible attack, you first need to update your WiFi access point. For those using default ISP router, ask the company if they have patched it. You can make sure your router is up-to-date by browsing the administration panel. Find the user guide for your ISP-branded router and follow the instructions to connect to the admin pages.
If that doesn't work out, you could Ethernet into your router and turn off its wireless function until it’s patched (assuming WiFi can be disabled on your router). Turn off WiFi on your device as well so that you’re sure all traffic goes through that sweet Ethernet cable.
As far as the tech companies are concerned, Microsoft says it has already fixed the problem for customers running supported versions of Windows. Apple also has a patch ready, reports iMore. Unfortunately, the company is going to wait until the next big release to share the fix. But, you can surely fix the KRACK vulnerability by downloading the beta versions of macOS, iOS, tvOS and watchOS.
Coming to the Android devices that apparently are most vulnerable to attack, Google says that the November 6 patch would fix the issue. Google Pixel would be the first to receive the update instantly, but it’s going to take some time before other device manufacturers and carriers approve the update. In fact, it could take weeks or months. Android fragmentation isn’t ideal in those cases.