Kevin Beaumont for Double Pulsar:
So there’s a new Wi-Fi attack. In the media it is being presented as a flaw in WPA protocol which isn’t fixable. This isn’t true.
- It is patchable, both client and server (Wi-Fi) side.
- Linux patches are available now. Linux distributions should have it very shortly.
- The attack realistically doesn’t work against Windows or iOS devices. The Group vuln is there, but it’s not near enough to actually do anything of interest.
- There is currently no publicly available code out there to attack this in the real world — you would need an incredibly high skill set and to be at the Wi-Fi base station to attack this.
- Android is the issue, which is why the research paper concentrates on it. The issue with Android is people largely don’t patch.
Good points here. As a matter of fact, I patched my Ubiquiti UniFi access points this morning to protect against the vulnerability. Patches will trickle down to consumer devices in due time, I’m sure.