Almost a month after Microsoft released its fix for KRACK in October, Apple has released updates for all four of their operating systems. And while it’s new emojis and other window dressing that you’ll notice up front, a fix for the KRACK vulnerability is a big ticket item.
Tagged With KRACK
As the dust settles on the KRACK vulnerability and vendors distribute patches to decrease our exposure to this challenge, I've been thinking about whether KRACK was really about exploiting a vulnerability and what that means about securing systems. Over the last four years or so, there have been some significant milestones or events when it comes to infosec. I think KRACK is one of those pivot moments.
A huge flaw in Wi-Fi devices using WPA and WPA2 security encryption was exposed by Mathy Vanhoef, working out of KU Leuven, yesterday. Attackers can use this flaw to steal sensitive data – passwords, credit card numbers, emails – or inject malicious software into websites. If you’re using an Android device, an attack could be “exceptionally devastating”.
Here’s what you need to know.
The WPA2-busting KRACK exploit can be patched. The flaw is serious and potentially affects almost every wireless access point and router on the market. It takes advantage of a vulnerability in the handshake between wireless connection points and client devices. But Apple has said they are testing a patch in the current beta releases of their four operating systems and I expect others to follow.
KRACK - or the Key Reinstallation AttaCK - looks like the new infosec word we all need to know. According to the authors of a paper that will be presented at a conference in a couple of weeks, Mathy Vanhoef of KU Leuven and Frank Piessens say they have found a way to circumvent WPA2 security - one of the key tools used for protecting wireless networks. If KRACK proves to be true, all bets are off when it comes to stopping eavesdroppers from listening in to your wireless network.
Your home Wi-Fi might not be as secure as you think. WPA2 -- the de facto standard for Wi-Fi password security worldwide -- may have been compromised, with huge ramifications for almost all of the Wi-Fi networks in our homes and businesses as well as for the networking companies that build them. Details are still sketchy as the story develops, but it's looking like a new method called KRACK -- for Key Reinstallation AttaCK -- is responsible.