Ah, WPA2 (Wi-Fi Protected Access): you've protected our Wi-Fi so well for so many years now.
Unfortunately, that illusion of safety was shattered earlier today when security researcher Mathy Vanhoef reported a vulnerability in the WPA2 handshake protocol that he's calling KRACK (for “Key Reinstallation Attack”). Since almost every modern Wi-Fi device uses it, that effectively means every modern Wi-Fi compatible device is vulnerable. You'll find more information about it in our earlier coverage.
Fortunately, Apple, Google and Microsoft have all already issued statements saying they've addressed the issue in some form or another.
Microsoft, in fact, has already addressed the vulnerability and published an exhaustively detailed list of the changes it made. You should be able to protect your PC or any other Windows-powered device with a simple update.
“Microsoft released security updates on October 10th and customers who have Windows Update enabled and applied the security updates, are protected automatically,” the company said in a statement. “We updated to protect customers as soon as possible, but as a responsible industry partner, we withheld disclosure until other vendors could develop and release updates.”
Apple informed Rene Ritchie of iMore that it had already patched the vulnerability in the betas for iOS, tvOS, watchOS and macOS. These betas are still largely available only to developers, but they should, hopefully, go out to consumers relatively soon.
Google, meanwhile, said that it is working on resolving it.
“We're aware of the issue, and we will be patching any affected devices in the coming weeks,” the Mountain View, California company said in a statement to CNET.
The Wi-Fi Alliance, a nonprofit agency that certifies products for Wi-Fi security, announced that it would start testing for the vulnerability as part of its standard program.
“Wi-Fi Alliance now requires testing for this vulnerability within our global certification lab network and has provided a vulnerability detection tool for use by any Wi-Fi Alliance member,” the organization said in its statement. “Wi-Fi Alliance is also broadly communicating details on this vulnerability and remedies to device vendors and encouraging them to work with their solution providers to rapidly integrate any necessary patches.”
The agency also said in the same statement that a “straightforward software update” should fix the issue, and the actions being taken by Microsoft, Apple and Google seem to confirm that.
So, if you're using an iOS or Android device, try to stay off of public Wi-Fi networks for now. If you absolutely must use public Wi-Fi, make sure you stick to secured sites that have HTTPS in their web address. And, of course, hope that Google and Apple roll out their patches soon.