KRACK (Key Replacement attACK) is a weakness in the way that WiFi encryption (WPA2) works, allowing an attacker to effectively bypass the encryption between a client device and a wireless access point. This vulnerability enables an attacker to eavesdrop on data sent across the network (chat messages, usernames, passwords, etc.) without needing the password usually required to join the network.
How do I stay protected?
Key Replacement Attacks are mainly used to target client devices (i.e. phones and laptops) as opposed to wireless access points, but the best advice here is to keep all devices up to date.
Manufacturers are aware of this flaw and will be releasing patches to protect against Key Replacement Attacks. Below are some well-known manufacturers and what they are doing to protect users:
- Microsoft have already released an update resolving this via a Windows Update.
- Apple released iOS 11.1 and macOS 10.13.1 this morning (Nov 1) protecting supported iPhone and Mac devices.
- Google are releasing a fix for KRACK on November 6th. This will then need to be adapted and re-released by individual manufacturers (i.e. Samsung, HTC, LG, etc.).
If you’ve got any further questions regarding KRACK or otherwise, please do get in touch!