Patches for the KRACK Vulnerability Begin to Trickle Out
A few days ago we all learned with shock that the strong encryption that protects almost every WiFi device in the world has been broken by the KRACK exploit.
That's really bad news and we've already published our own tips to secure your WiFi against KRACK. The real long-term fixes have to come from the people who make our WiFi gear and software.
The good news is that several large names in the industry have already patched the vulnerability. Largely thanks to the fact that the team who discovered it disclosed the exploit privately before going public. Giving precious time for fixes to be created.
Now patches have started to roll out from many of the major players, but it's been slow going. The security updates have been a trickle rather than a flood.
The Early Birds
Both Apple and Microsoft seem to have patched the issue out of their software before the world even knew about it.
Unfortunately, in the case of Apple, you can only get the fix if you're running the latest beta version of iOS. This means that regular users are still very much vulnerable, but hopefully, the beta will be approved soon.
Microsoft has gone above and beyond, already issuing patches for Windows 7 and up. If you're running an older version of Windows such as XP or Vista, well you should have upgraded by now. So this is a good opportunity to do so.
Android Panic
Because Linux and its variants are especially vulnerable to KRACK, Android users should rightly be worried since reportedly 41% of Android phones are vulnerable. Google has given an ETA for the fix of a few weeks, with the new Pixel 2 phone getting patched first.
Taking Stock
The good folks over at ZDNet have taken the time to compile a list of KRACK patch releases from most of the major vendors and organizations.
The list is unfortunately very short. Most of the companies they mention only indicate patches at some point in the future. This is a clear indication of how off-guard the tech industry was caught by KRACK.
Getting Re-routed
While KRACK is mainly a client-side vulnerability, getting routers patched is an important step that must be taken soon. Unfortunately, most routers do not auto-update their firmware. So many users are likely to have a vulnerable router. Simply because they don't know a fix is coming or available.
DD-WRT seems to have patched the issue and if your router supports it that may be a good choice. Alternatively, it might be time to just buy a new DD-WRT router.
The Long Haul
There's light at the end of the tunnel. The problem is that this is a long tunnel. We shouldn't be pessimistic, but KRACK's effects could be felt for many years to come.
Wired, for example, thinks it will take decades for the issue to be resolved. Whether it really takes that long or just a few months, this is a dark time for network security. Only time will tell how long we'll have to live with KRACK hanging over our heads.