Technology companies are now responding to a new attack against Wi-Fi encryption, details of which were published by security researchers on Monday. Severe vulnerabilities have been found in the commonly used WPA2 protocol, allowing attackers not only to spy on Wi-Fi traffic between computers and wireless access points, but also to inject malicious content into websites.
Researchers claimed that all major platforms, including macOS, Windows, iOS, Android and Linux, are affected by the exploit dubbed "KRACK." While the best possible solution for users is to update all their devices that support Wi-Fi, many vendors are still working on patches for the bug, suggesting that an immediate update may not be possible for everyone.
Meanwhile, Microsoft has reportedly said that it has already deployed a Windows patch to fix the problem for users running supported versions of the operating system. The respective Windows updates were released on October 10.
"Customers who apply the update, or have automatic updates enabled, will be protected. We continue to encourage customers to turn on automatic updates to help ensure they are protected," a Microsoft spokesperson told The Verge in a statement.
Apple has also reportedly confirmed that it has rectified the KRACK exploit in "recent" macOS, iOS, tvOS, and watchOS betas. However, devices running Apple's current operating systems are still not out of danger just yet as there are still a few weeks to go before the fix goes public.
When it comes to Android phones, the situation still appears to be vague. According to researchers, 41 percent of Android devices are vulnerable to an "exceptionally devastating" variant of the Wi-Fi attack, with Android 6.0 and above containing vulnerability that "makes it trivial to intercept and manipulate traffic" sent by affected devices.
Android's notoriously slow ecosystem could be the reason why researchers believe it to be the hardest to patch. Although Google has reportedly promised to deploy an Android patch for affected devices in the coming weeks, its own Pixel phones will be the first to receive the fixes while other non-Pixel devices will still have to wait for a longer time to get a similar update.
Below are a few devices affected by the KRACK exploit while a real-time list is available here.
- Aruba Networks
- Cisco
- Espressif Systems
- Fortinet, Inc.
- FreeBSD Project
- HostAP
- Intel Corporation
- Juniper Networks
- Microchip Technology
- Microsoft Corporation
- OpenBSD
- Peplink
- Red Hat, Inc.
- Samsung Mobile
- Sierra Wireless
- Toshiba Commerce Solutions
- Toshiba Electronic Devices & Storage Corporation
- Toshiba Memory Corporation
- Ubiquiti Networks
- Ubuntu
- Watchguard Technologies, Inc.
- ZyXEL