Security researcher Mathy Vanhoef discovered a new threat, dubbed KRACK (key reinstallation attacks), that may put almost all Wi-Fi devices at risk. Vanhoef said that the threat comes from a vulnerability in WPA2, the security protocol used by pretty much all Wi-Fi devices, which means that many have cause for concern.
If attackers exploit this WPA2 vulnerability, they can potentially eavesdrop on unencrypted traffic or even send malware onto devices to steal log-in credentials, according to a report by Slash Gear.
How does KRACK work?
WPA2 essentially secures the Wi-Fi connection between the router and a device. If WPA2 is compromised, it gives hackers the freedom to do as they wish. KRACK can be very difficult for hackers to pull off successfully. For one thing, they need to be physically present and within range of the Wi-Fi device they intend to attack, and a wide-scale attack is almost impossible to carry out. This also means that an average user is very unlikely to be targeted. However, this doesn’t make you safe from the attack, and you still need to be cautious.
There are no patches yet for KRACK
The bad news is that there are still no patches available for KRACK as of this writing, which means all Wi-Fi devices are still vulnerable in one way or another.
Slash Gear also noted that merely updating routers won’t solve the problem and that every device needs to be patched, including smartphones and computers.
Security researchers said that KRACK is very difficult to patch compared to other bugs, as KRACK targets a weakness in the way WPA2 reinstalls private keys, meaning every attack is unique.
This also means that patching a device does not guarantee that it will be protected from every attack.
According to The Verge, Apple released a beta version of a patch for its operating systems, which is expected to go public in the next few weeks. Google promises that it will also release a patch for the bug in the coming weeks.
Unfortunately, Android users will need to wait a little longer for their patch to arrive, as it takes time to release patches to every single Android device, unless they are using Pixel devices.
The best way of avoiding such attacks is to stay away from public Wi-Fi for some time. If that’s not possible for you, you should refrain from accessing sensitive data like bank log-ins when you're using public Wi-Fi.