By Dan Moren
October 16, 2017 8:19 AM PT
Wi-Fi encryption has been compromised
Warning: This story has not been updated in several years and may contain out-of-date information.
You’re going to be seeing a lot of news today about a vulnerability reported in Wi-Fi Protected Access (WPA), the encryption scheme used to protect wireless networks. Ars Technica has a good technical breakdown of the flaw, dubbed KRACK, which affects pretty much all major platforms including, potentially, iOS and macOS.
I say “potentially” only because Apple hasn’t yet officially confirmed that the most current versions of its OSes are at risk. Other vendors, like Microsoft and Google, have acknowledged the vulnerability and are moving to release updates: Microsoft today for Windows and Google next month for Pixel devices, though other Android devices are potentially still at risk.
Protecting clients is only part of the solution, however; many wireless routers and access points will likely also need firmware updates to fully protect against the flaw. That said, it’s probably a bigger immediate security concern to protect mobile devices that are likely to be out in public and connecting to a variety of Wi-Fi networks. In order to exploit your home network, somebody would still need to use a device in physical proximity to your home, which is by no means impossible, but also not particularly probable.
This isn’t the first time that Wi-Fi security has been breached. The previous standard, WEP, was officially deprecated back in 2004 after significant vulnerabilities were detailed (though it does remain available on many products even today). The KRACK flaw is all the more serious given how much more prevalent Wi-Fi devices and networks are today than in 2004.
The long and short of it is that this is a critical vulnerability: as soon as updates are available for your devices, you should absolutely apply them.
Updated at 12:51pm Eastern with a more reasonable headline.
Updated at 3:05pm Eastern: iMore’s Rene Ritchie says Apple told him the KRACK vulnerabilities are patched in the current betas of iOS, tvOS, watchOS, and macOS.