Companies are taking action against the Wi-Fi security threat dubbed KRACK by researchers.
Yesterday (16 October), a vulnerability known as KRACK (key reinstallation attack) was disclosed by security researchers. It affected Wi-Fi Protected Access 2 (WPA2), meaning that the privacy of a user’s Wi-Fi connection would be compromised if an attack were to take place.
Following the publication of the findings by researchers, the advice was for customers to install software updates on all relevant devices and keep up to date with patches issued by companies to combat the problem.
Apple on the case
According to MacRumors, Apple told tech critic Rene Ritchie that the KRACK exploit had already been patched in betas of all potentially affected operating systems. CNET confirmed that the patch will be extended to all Apple devices in the coming weeks.
Apple has confirmed to me that #wpa2 #KRACK exploit has already been patched in iOS, tvOS, watchOS, macOS betas.
Deeper dive to follow.
— Rene Ritchie (@reneritchie) October 16, 2017
Microsoft calls for updates
Microsoft informed The Verge that it has fixed the issue for customers running supported versions of Windows. The company said that the latest Windows 10 update released on 10 October will protect customers.
Google has promised a fix for devices in the coming weeks. Naturally, its own Pixel devices will be sorted first, but it will take time to patch other Android devices due to the vast quantities of companies with products operating under Android OS.
When exactly updates from Samsung and other manufacturers will arrive has yet to be confirmed.
No evidence for malicious use of KRACK
The Wi-Fi Alliance made a statement on the matter, providing some reassurance.
“There is no evidence that the vulnerability has been exploited maliciously, and Wi-Fi Alliance has taken immediate steps to ensure users can continue to count on Wi-Fi to deliver strong security protections. Wi-Fi Alliance now requires testing for this vulnerability within our global certification lab network and has provided a vulnerability detection tool for use by any Wi-Fi Alliance member.
“Wi-Fi Alliance is also broadly communicating details on this vulnerability and remedies to device vendors, and encouraging them to work with their solution providers to rapidly integrate any necessary patches. As always, Wi-Fi users should ensure they have installed the latest recommended updates from device manufacturers.”
The International Consortium for Advancement of Cybersecurity on the Internet also made a statement on the issue, stating that organisations such as Cisco, Intel, Microsoft and Juniper had all been in contact to discuss the issue.
For those keeping an eye out for a specific update, they will be published when available on the sites of affected companies.