Skip to main content
close search
site logo
Dive Brief

The KRACK in the Wi-Fi: Vendors scramble to patch after critical flaw discovered

Published Oct. 17, 2017
Naomi Eide's headshot
Managing Editor
Getty Images

Dive Brief:

  • Research came out Monday with an announcement that shook the internet: "All modern protected Wi-Fi networks" were vulnerable to weaknesses in WPA2. Referred to as the KRACK Wi-Fi vulnerability, if an attacker is within Wi-Fi range of a target, they can exploit key reinstallation attacks, potentially stealing credit card numbers, passwords and other sensitive data, according to Matty Vanhoef of imec-DistriNet. A CERT notice listed almost 150 vendors impacted by the vulnerability, detailing whether or not updates were put in place. 
  • Some variant of the flaw impacts Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys and other devices. With more than 40% of Android devices vulnerable, Google is working on delivering a patch in "coming weeks," The Verge reports. Microsoft said it already released an update to fix the flaw, which will protect customers who apply the update or have automatic updates turned on, the company said in a statement to The Verge. Cisco already has some patches available for its products, and will continue publishing fixes as the software updates become available, the company said in a statement to ZDNet
  • Currently, there is "no evidence" that attackers have "maliciously" exploited the flaw, according to the Wi-Fi Alliance, which now requires testing for the vulnerability in its global certification network. The organization has also provided a vulnerability detection tool for members. 

Dive Insight:

The big question with any disclosed exploit is, what's the impact? For the KRACK vulnerability, researchers simply said, "if your device supports Wi-Fi, it is most likely affected."

That does not necessarily mean attackers have already come within range to target users' data, but if given the opportunity hackers could take advantage of the flaw and launch an attack. 

Now that researchers know about the flaw, it all comes down to response. How vendors and clients respond will dictate the impact of the vulnerability, determining whether an internet emergency ensues for an organization or if crisis is averted.

Organizations just have to be diligent about rolling out vendor-provided updates in a timely manner to ensure the lurking flaw does not persist. 

As KrebsOnSecurity noted, vendors knew about the flaw weeks before the public disclosure, which is why some vendors already have updates protecting against the flaw in place. And because this is an attack that cannot be executed remotely, companies have a layer of physical location security that can work to protect them.

Recommended Reading

Filed Under: Security

Editors' picks

Company Announcements

View all | Post a press release
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Viz.ai Wins Prestigious Prix Galien USA Award for Best Digital Health Solution
From Viz.ai
November 12, 2024
truCX Launches Groundbreaking Partner Portal, Empowering CX Consultants and Trusted Advisors w…
From truCX
October 30, 2024
Blackpoint Cyber Launches Global Partner Program and Enablement Platform Emphasizing a Focus o…
From Blackpoint Cyber
October 30, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell