KRACK Wi-Fi Vulnerability
On Oct 16 2017 US-CERT released Vulnerability Note VU#228519 after researchers disclosed “serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks.” They have named the proof-of-concept exploits, KRACK (key reinstallation attacks)…
The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. […] To prevent the attack, users must update affected products as soon as security updates become available.
The vulnerabilities primarily affect Wi-Fi client devices (devices that make connections to Wi-Fi networks). If your device supports Wi-Fi, it is most likely affected. Devices operating as Wi-Fi Access Points (APs) may not be affected, or are only partially affected, in very specific circumstances. The main concern is on the many client devices that connect to Wi-Fi networks.
Resolving these vulnerabilities requires that updates be installed on all devices that connect to Wi-Fi. This includes, but is not limited to, laptops, Smart TVs, Smartphones, Wi-Fi Cameras, Wi-Fi Security Systems, Wi-Fi Printers, Wi-Fi Point-of-Sale, Wi-Fi VoIP devices, Streaming Media Devices (Roku, Amazon Fire, Chromecast, etc.), Gaming Consoles (Xbox, Playstation, etc.), Wi-Fi Smart Home Devices (thermostats, lights, appliances, doorbells, etc.), and other Wi-Fi enabled devices or gizmos.
Microsoft released updates, on October 10th, for supported versions of Windows. Updates for other devices may become available in the coming weeks.
We suggest making a list (including the brand and model) of all of your devices that connect to Wi-Fi. Then, check with the device maker, or visit their web site, to see if an update will be made available, and how to install it. Makes notes on your list about the status of each device.
Some devices may not receive any update, if the device maker no longer provides support for the device. Many old devices, or Android smartphones, older than a year, may fall into that category. Contact the device maker, to check. Any client devices that are affected by the KRACK vulnerabilities, but will not be receiving any corrective updates, should be considered for retirement.
A partial list of “known information regarding various Wi-Fi vendors, and whether new drivers are available,” can be found at the following link…
Many device makers are still working on making updates available. If your device doesn’t, yet, have an update, be sure to keep checking.
Assistance with locating and installing device updates may be available from local computer shops, in addition to the device makers’ support departments.