Monday, October 16, 2017

Why you shouldn’t worry about the Krack WPA2 flaw →

Kevin Beaumont for Double Pulsar:

So there’s a new Wi-Fi attack. In the media it is being presented as a flaw in WPA protocol which isn’t fixable. This isn’t true.

  • It is patchable, both client and server (Wi-Fi) side.
  • Linux patches are available now. Linux distributions should have it very shortly.
  • The attack realistically doesn’t work against Windows or iOS devices. The Group vuln is there, but it’s not near enough to actually do anything of interest.
  • There is currently no publicly available code out there to attack this in the real world — you would need an incredibly high skill set and to be at the Wi-Fi base station to attack this.
  • Android is the issue, which is why the research paper concentrates on it. The issue with Android is people largely don’t patch.

Good points here. As a matter of fact, I patched my Ubiquiti UniFi access points this morning to protect against the vulnerability. Patches will trickle down to consumer devices in due time, I’m sure.