KRACK' flaw affects all Wi-Fi networks; patch from Google, Apple to air soon
Modern computers and smartphones are not safe from countless vulnerabilities — thanks to countless flaws and bugs with every new version. Earlier this week, US-CERT announced the presence of a major bug in WPA2 encryption that is used in Wi-Fi network logins. Known as KRACK (Key Reinstallation AttaCKs), the flaw affects all those Wi-Fi networks with WPA2 encryption, which means your average coffee shop network is prone to this attack.
In WPA2 encrypted networks, data travels between the Wi-Fi router and your smartphone in the form of data packets. At the user’s end, there has to be a handshake between the incoming signal and the client device, verifying that the data which the user intended to receive has actually gone to the right place. The KRACK flaw forcibly installs a key into this encryption protocol, which lets a hacker to tap into the network and obtain trusted credentials such as passwords and account details.
Since this is a software-based issue, it would require client-side software fixes. The modern world thrives on the Internet for a majority of daily activities and public Wi-Fi networks play an important role in providing Internet connection to a majority of places. Therefore, Google and Apple have already promised to roll out software fixes for this issue.
Apple is testing the software patch and should roll it out in the upcoming weeks as part of a new iOS 11 and macOS patch. Meanwhile, Google has promised to roll out the fix to Google-branded Android phones (Pixel and Nexus devices) as part of the November security update. Microsoft said an automatic security update issued last week had fixed the problem for Windows 7, 8 and 10 users.
(source)