The WPA2-busting KRACK exploit can be patched. The flaw is serious and potentially affects almost every wireless access point and router on the market. It takes advantage of a vulnerability in the handshake between wireless connection points and client devices. But Apple has said they are testing a patch in the current beta releases of their four operating systems and I expect others to follow.
This is good news and a welcome relief after yesterday’s revelations, which suggested we were in for a world of hurt when it comes to wireless security.
An article at iMore says that Apple has already developed patches for macOS, iOS, watchOS and tvOS. Given we’ve had weekly iOS updates since iOS 11 was released, we can expect that one to come soon.
UPDATE: The October 10 update, issued for Windows 10 through Windows Update, included a fix for the KRACK vulnerability. Microsoft chose not to publicise the flaw until other vendors had made their plans public so that bad guys were less likely to take advantage.
IoT devices are another kettle of fish. Many are not designed to be easily updated, if at all, and some manufacturers are quite clueless when it comes to understanding security vulnerabilities and mitigating risks.
Given the severity of KRACK, it’s time to start working out your patching plan. I’d be starting with any device that is used outside the office, since the office is where you’re likely to have stronger security monitoring protections in place.
If you’re not already doing so, consider implementing a certificate-based authentication service for devices that support it.
With IoT, this is a chance to review your architecture and ensure those devices are air-gapped from the other systems.