Yesterday US-CERT released information on a new vulnerability with the catchy name of “Krack” (Key Reinstallation AttaCK) that could allow an attacker to take control of a wireless (Wi-Fi) device and intercept your confidential data.
This link HERE further explains the vulnerability and provides steps to protect your devices:
Here is the latest status on patches:
- Windows issued a patch last Tuesday ahead of the official news release yesterday. If you allow automatic updates to your Windows devices, you are already patched.
- Linux and FreeBSD systems have patches available. This is often used in entertainment systems and printers, so If you allow automatic updates, you may already be patched.
- Apple macOS and iOS has yet to release a patch, but one is expected in the next couple of weeks.
- Android devices which rarely see updates anyway, need patches developed, so check for updates from your device manufacturer.
- IoT (Internet of Things) devices like smart thermostats, doorbells, locks, cameras, security sensors, appliances, etc. are rarely if ever updated. It’s unclear at this time how or if they will be patched, so check for updates from your device manufacturer.
- Home routers are also vulnerable, so check to see if there is a software update available for download from the manufacturer.
Patching your mobile devices for the Krack vulnerability will protect them if they encounter an unpatched Wi-Fi router. Patching your home router will protect unpatched mobile or IoT devices in your home. In the meantime, keep using the WPA2 security setting for your wireless devices. Even with this risk, WPA2 is far more secure than the WEP alternative. If you’re still concerned, consider disabling your Wi-Fi (not cellular) service on your personal devices until you are patched.