Recommended

Wi-Fi KRACK Issue: Tech Companies Release Updates, Fixes Following Discovery of Severe Network Risk

Just this week, the public was made aware of a severe vulnerability that could compromise the Wi-Fi Protected Access II protocol, aka WPA2. 

The WPA2 bug, which was dubbed as KRACK or Key Reinstallation Attacks, was discovered by security researcher Mathy Vanhoef. He explained that once the vulnerability was exploited, an attacker can manipulate a device into "reinstalling an already-in-use key" when joining a Wi-Fi network.

Once attackers bypass a WPA2, they can then spy on unpatched devices connected to the compromised network, steal sensitive information such as credit card numbers, chat or email conversations, and more.

Get Our Latest News for FREE

Subscribe to get daily/weekly email with the top stories (plus special offers!) from The Christian Post. Be the first to know.

Traditionally, when security analysts discover vulnerabilities on software services and hardware products, they inform the affected company so the latter can issue the needed security updates before the vulnerability is made known to the public. This way, the companies can prevent more crooks from exploiting it.

In this case, Vanhoef said he had notified the companies whose products were vulnerable to KRACK attacks as early as July 14. Some of them, who have widely used products available around the world, have confirmed they are either working on fixes or have already issued necessary security updates for their items. 

Windows, Microsoft

In a report by CNET, Microsoft confirmed that it had issued security updates last Oct. 10, and these should automatically be installed on machines where Windows Update is enabled.

Apple

For Apple, the company confirmed that a security fix for iOS, macOS, watchOS, and tvOS is now in its beta stage and will be released through a software update "in a few weeks."

Google Mobile, Chromecast, Home, Wi-Fi

In Vanhoef's test on how KRACK worked, he learned that the vulnerability can be "exceptionally devastating" on devices with Linux and Android 6.0 and newer versions since these products "can be tricked into (re)installing an all-zero encryption key."

When asked about issuing any KRACK-related security update, Google told CNET: "We're aware of the issue, and we will be patching any affected devices in the coming weeks."

Samsung Mobile

Samsung has likewise confirmed to CNET that they have been notified of the security risk and promised to release updates to Samsung handsets "in the coming weeks."

Amazon

Amazon, on its part, stated that it is still "in the process of reviewing which of our devices may contain this vulnerability" and promised to subsequently issue necessary patches.

Cisco

Cisco confirmed to ZDNet that "multiple Cisco wireless products are affected by these vulnerabilities." The company added: "Fixes are already available for select Cisco products, and we will continue publishing additional software fixes for affected products as they become available."

Intel

Intel posted a security bulletin to inform users of the KRACK risk and provided an update to affected Wi-Fi drives and chipsets earlier this week.

Linux

The company released several patches for Ubuntu 14.04+, Arch, OpenBSD, Debian, Gentoo and Linux upstream, according to a report from Charged.

Was this article helpful?

Help keep The Christian Post free for everyone.

By making a recurring donation or a one-time donation of any amount, you're helping to keep CP's articles free and accessible for everyone.

We’re sorry to hear that.

Hope you’ll give us another try and check out some other articles. Return to homepage.