A new, very real and very widespread security vulnerability in all wifi 802.11 devices has been found. It is a notable issue because it is not a manufacturer flaw but a design flaw caused by the wifi spec (802.11) itself.
Called KRACK (Key Reinstallation AttaCKs), the problem might take time to patch because of the fracturing of various types of wifi devices. For instance, Android phones are at the mercy of the phone manufacturers and/or carriers as to when updates occur. Older routers might not even have a user-friendly update mechanism, but I’ve noticed some newer ones will actually automatically check but not necessarily automatically install. The good news, though, is that the security vulnerability in all wifi devices can be patched via software. No hardware changes are required.
Today is being called “Black Monday” in many information security circles. We have had a major Wi-Fi vulnerability announced that affects absolutely every device that supports Wi-Fi. The vulnerability allows attackers to decrypt WPA2 connections. A second vulnerability also emerged today, and we will cover that at the end of this post.