KRACK Can Be Patched – But What About IoT?


The WPA2-busting KRACK exploit can be patched. The flaw is serious and potentially affects almost every wireless client, access point and router on the market. It takes advantage of a weakness in the WPA2 four-way handshake between wireless access points and client devices: by replaying a handshake message, an attacker within radio range can trick a device into reinstalling a key it is already using, which resets the packet counter and causes encryption keystream to be reused. Apple has said it is testing a patch in the current beta releases of its four operating systems, and I expect others to follow.
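To make the handshake weakness concrete, here is an added simulation of the key reinstallation. It is not code from the article or from the KRACK researchers, and it deliberately simplifies the protocol: the PTK derivation is a plain SHA-256 over the PMK and both nonces rather than the real PRF with MAC addresses, and the "cipher" is a SHA-256 keystream in place of AES-CCM. What it preserves is the property that matters, namely that CCMP encrypts with a keystream derived from (key, packet number), so resetting the packet number after a replayed message 3 makes two frames share a keystream. The PSK, nonce and plaintexts are constructed inputs.

```python
import hashlib
import os


def keystream(ptk: bytes, pn: int, length: int) -> bytes:
    """Toy stand-in for CCMP: keystream is a function of (key, packet number).
    Real CCMP is AES-CCM with the 48-bit packet number as the nonce; the
    point is only that the same (key, pn) pair yields the same keystream."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(ptk + pn.to_bytes(6, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Supplicant:
    """Client side of the four-way handshake, in vulnerable or patched form."""

    def __init__(self, pmk: bytes, patched: bool):
        self.pmk = pmk
        self.patched = patched
        self.ptk = None
        self.pn = None            # transmit packet number (the CCMP nonce)
        self.installed = False

    def on_msg1(self, anonce: bytes) -> bytes:
        self.snonce = os.urandom(32)
        return self.snonce        # message 2 carries SNonce back to the AP

    def on_msg3(self, anonce: bytes) -> bytes:
        # Simplified PTK derivation (real one is PRF(PMK, ANonce, SNonce, MACs)).
        ptk = hashlib.sha256(self.pmk + anonce + self.snonce).digest()
        if not self.installed:
            self.ptk, self.pn, self.installed = ptk, 0, True
        elif not self.patched:
            # KRACK: a retransmitted message 3 reinstalls the in-use key and
            # resets the packet number, so keystream will be reused.
            self.ptk, self.pn = ptk, 0
        # Patched: key already installed; re-send message 4 but leave key and pn alone.
        return b"MSG4"

    def send(self, plaintext: bytes):
        frame = (self.pn, xor(plaintext, keystream(self.ptk, self.pn, len(plaintext))))
        self.pn += 1
        return frame


def run_handshake(patched: bool, plain1: bytes, plain2: bytes):
    """AP sends msg1 and msg3; attacker blocks msg4 so msg3 is retransmitted."""
    pmk = hashlib.sha256(b"constructed-psk").digest()   # constructed PMK
    anonce = bytes(range(32))                             # constructed ANonce
    sup = Supplicant(pmk, patched)
    sup.on_msg1(anonce)
    sup.on_msg3(anonce)                 # genuine message 3, key installed
    pn1, ct1 = sup.send(plain1)
    sup.on_msg3(anonce)                 # replayed message 3 from the attacker
    pn2, ct2 = sup.send(plain2)
    return pn1, ct1, pn2, ct2


def attacker_recovers(pn1, ct1, pn2, ct2, known_plain1: bytes):
    """With a reused nonce, ct1 XOR ct2 == plain1 XOR plain2, so knowing
    plain1 (e.g. a predictable DHCP or DNS packet) reveals plain2."""
    if pn1 != pn2:
        return None                     # no keystream reuse to exploit
    n = min(len(ct1), len(ct2))
    return xor(xor(ct1[:n], ct2[:n]), known_plain1[:n])


if __name__ == "__main__":
    p1, p2 = b"GET /login HTTP/1.1\r\n", b"cookie=s3cret-session\r\n"
    for patched in (False, True):
        r = attacker_recovers(*run_handshake(patched, p1, p2), p1)
        print("patched" if patched else "vulnerable", "->", r)
```

The vulnerable run reuses packet number 0 for the second frame and the attacker's XOR recovers the second plaintext; the patched supplicant keeps counting from 1 and the attack yields nothing. This is also why client-side patches matter even when the access point is not fixed: it is the supplicant's handling of the retransmitted message that decides whether the nonce is reused.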

This is good news and a welcome relief after yesterday’s revelations, which suggested we were in for a world of hurt when it comes to wireless security.

An article at iMore says that Apple has already developed patches for macOS, iOS, watchOS and tvOS. Given we’ve had weekly iOS updates since iOS 11 was released we can expect that one to come soon.

UPDATE: The October 10 update, issued for Windows 10 through Windows Update, included a fix for the KRACK vulnerability. Microsoft chose not to publicise the flaw until other vendors had made their plans public so that bad guys were less likely to take advantage.

IoT devices are another kettle of fish. Many are not designed to be easily updated, if at all, and some manufacturers are quite clueless when it comes to understanding security vulnerabilities and mitigating risks.

Given the severity of KRACK, it's time to start planning your patching. I'd be starting with any device that is used outside the office, since an attacker has to be within Wi-Fi range and the office is where you're likely to have stronger security monitoring protections in place.

If you're not already, consider implementing a certificate based authentication service (WPA2-Enterprise with EAP-TLS) for devices that support it. Note that this hardens who can join the network rather than fixing KRACK itself, which attacks the four-way handshake that runs after authentication; end-to-end encryption such as TLS or a VPN is what protects traffic while devices remain unpatched.

With IoT, this is a chance to review your architecture and ensure those devices are segmented from the other systems, for example on their own SSID and VLAN with firewall rules that block traffic into the rest of the network.


  • Any chance of some links on where to start with certificate based authentication and network design for noobs? Would be awesome to learn a bit more about how to build a nice secure network which includes some IoT devices.

  • So, do both ends of a wifi connection need to be patched or just one?

    That is, if I’m connecting to my home wifi with Windows 10 which IS patched, does that make the connection secure even if my router isn’t patched?

    Or is there a difference between “client” and “server” behaviour? Is patching for both or one or the other?

    • Based on what I can understand, only one side needs to be patched. And further information that came overnight suggests exploiting this vulnerability is not a trivial exercise, so it would require a determined and well-resourced attacker to use.
