Dubbed the “Krack Attack,” this flaw allows a hacker to make a carbon copy of your WPA2-encrypted network, spoof its MAC address, change the WiFi channel and reroute all network traffic through the clone that they control.
This, of course, allows them to spy on all network traffic and execute a wide range of “man in the middle” attacks against any traffic passing through, which opens the door to tremendous damage.
Microsoft has been quick to respond to the latest threat and has already released a patch which addresses the issue for Windows-based PCs. If you’re running Windows 8 and above and automatically getting security updates, then you should already have the patch, and you are protected.
That’s good news, given how large a footprint Windows has, but sadly, it does not completely solve the problem.That’s because Android and Linux-based systems are even more at risk. In those cases, a second flaw makes the problem worse. They do not demand a unique encryption key, which makes it easier, by far, for hackers deploying the Krack Attack to abuse devices running those operating systems.
There’s been no word on an ETA for a Linux fix, but Google has announced that an updated planned for release on November 6 will resolve the issue on that front. For Apple’s part, the company reports that the flaw has been addressed in beta versions of MacOS, iOS, tvOS, and watchOS. They are anticipating rolling out live versions of these fixes later this month, although a specific release date has not been announced at this point.
All that to say, regardless of which platform you’re using, hang tight. Help is on the way, and kudos to Microsoft for being the first tech giant out the gate with a solution.