KRACK is the worst vulnerability to affect consumer and professional networking equipment in a long time. Wireless networks have various safeguards in place to protect against intrusion and what the industry calls “man in the middle” attacks. Unfortunately, there is a flaw in what the currently the most secure wireless network protocol, WPA2. Using the KRACK vulnerability that is part of the protocol, an attacker who is in physical range can fool the router and gather all the information from other devices in the network.

There are two pieces of good news. The first is that the discovery was by a security researcher and not some rogue entity. The second is that most believe that the security researcher was the first to discover the flaw and manufacturers knew in advance of the announcement. Most vendors have had time to work on fixing the vulnerability in their devices.

The bad news is that depending on the vendor of your router and other devices, updates might not be forthcoming for some time. Apple and Microsoft have updates for all their devices and if you keep your systems up to date you should have no issues.

However, most vendors will not have patches ready and even if they do it is up to the owner to download and apply the patch. The issue here is that most public Wi-FI networks will remain vulnerable for some time. Avoid using any public wireless networks to enter or transfer sensitive information.


Comments are closed