A vendor I use for security on my clients’ website just released a blog post that announces that researchers in Belgium discovered a way to break into what we used to think of as “secure” Wi-Fi (aka wireless) networks. They are calling it “KRACK” which is short for Key Reinstallation Attacks.
This affects all modern Wi-Fi equipment, from mobile phones to tablets to workstations, routers, printers and more. This is a big deal and has very widespread security implications.
You can read the full post here: PSA: Severe Vulnerability in All Wi-Fi Devices I encourage you to share it widely.
At a high-level, everything you own that uses a wireless network is at risk. Vendors for these devices (Android, Apple, Linksys, Windows, Linux, Amazon, Google, etc.) are all working on patches. They will release these patches ASAP and you should install them ASAP. Please prioritize anything that uses a public wireless network. Here are examples of places you’ll need to update:
- Desktop workstations
- Mobile phones
- Tablets and e-readers that use Wi-Fi
- Home and office routers
- Home devices like NEST, Amazon Echo and Google Home
- Printers, both home and office, that use Wi-Fi
- Any other device that uses Wi-Fi
Your device should prompt you when a security update is available. Some of your devices will automatically update for you. For routers, you will need to contact your internet service provider, check your manual, or do a Google search on how to update it. Each router is different.
There’s also a growing list on Bleeping Computer’s website that lists updates being released by vendors. You can check this periodically for your affected devices.