Regarding Krack Attacks — WPA2 flaw

So there’s a new Wi-Fi attack. In the media it is being presented as a flaw in WPA protocol which isn’t fixable. This isn’t true.

Before we all burn the house down, however, and declare security problems not fixable, let’s get to some important things for organisations:

• It is patchable, both client and server (Wi-Fi) side.
• Linux patches are available now. Linux distributions should have it very shortly.
• The attack realistically doesn’t work against Windows or iOS devices. The Group vuln is there, but it’s not near enough to actually do anything of interest.
• There is currently no publicly available code out there to attack this in the real world — you would need an incredibly high skill set and to be at the Wi-Fi base station to attack this.
• Android is the issue, which is why the research paper concentrates on it. The issue with Android is people largely don’t patch.

My suggestion for organisations is they ask their Wi-Fi network providers for patches — this is absolutely patchable, as per the researcher’s own website.

My belief is this is not a “Wi-Fi security is broken, we can’t trust anything” situation. WPA2 is not broken — the researchers themselves point out this is fixable:

It’s some great academic research which will ultimately help improve security for all. Do not panic. We’ll be okay.

Research paper here: