The latest "devastating" story in the cybersecurity world came thanks to KRACK, making everyone's Monday a little blue-r. The Wi-Fi exploit that has been called everything from fatal to catastrophic likely affects all Wi-Fi supporting devices. However, there is some light in all this gloom.
How to keep yourself safe from WPA2 KRACK exploit
As reported in our original post on security researcher Mathy Vanhoef's report, the WPA2 exploit affects the handshake process of the security protocol. Not sure what you can do to protect yourself? It's not that difficult (unless you own an IoT device). Here are some tips to help you protect yourself on the faulty Wi-Fi networks.
- Try to stick to websites offering https since data transmitted through https is mostly secure.
- Avoid public Wi-Fi networks; if you have to use them, do that through a VPN service.
- You can also opt to use VPN while at home, as well, since data gets another layer of protection through these services - if legitimate.
- If possible, use an Ethernet cable for internet connectivity since the exploit affects 802.11 traffic between a router and a device.
- Contact your vendor to make sure your network is being protected with the flaw being patched.
- Nope, no password change is required - for a change.
Remember, Vanhoef's research was kept a closely guarded secret to give vendors and companies enough time to work on a patch. At the time of speaking, several have already released a patch to fix this damning flaw. While Google and Apple are yet to bring a patch, Microsoft in a statement wrote that it has already released a security update to address the issue.
"Customers who apply the update, or have automatic updates enabled, will be protected," the company spokesperson said. "We continue to encourage customers to turn on automatic updates to help ensure they are protected."
Who has patched up KRACK so far (status)
- Apple - patched in betas sent to iOS, watchOS, macOS, tvOS developers; users still to receive the update
- *Amazon - currently in review process
- Arch Linux - WPA Supplicant patch, Hostapd patch
- Aruba
- *AVM - fix may not arrive due to issue's "limited attack vector."
- *Belkin Linsys - currently in review process
- Cisco Meraki
- *Dell - currently in review process
- DD-WRT
- Debian/Ubuntu
- *Espressif Systems
- *Fedora
- Fortinet
- Google (devices on Nov 6 security update will be protected)
- *HostAP
- Intel
- Lede - working on a patch that will be released with LEDE 17.1.4
- *LineageOS
- Linux
- Microsoft (fix released on Oct 10; updated automatically)
- *Microchip Technology
- MikroTik
- Netgear: WAC120, WAC505/WAC510, WAC720/730, WN604, WNAP210v2, WNAP320, WNDAP350, WNDAP620, WNDAP660, WND930
- OpenBSD - patched in July
- *Sophos - releasing soon
- *Synology - releasing soon
- *TP-Link - currently reviewing if it's affected
- Ubiquiti
- *Ubuntu
- *Watchguard Cloud
- *Wi-Fi Standard
CERT said that Arista Networks Inc, Lenovo and Vmware are not affected to KRACK.
We are trying to keep this list updated as more information is made available. If your device is vulnerable to this attack, don't worry, install the patches and stick to https websites for secure transmission of data.
* shows newly updated information
