six colors

by Jason Snell & Dan Moren

By Dan Moren

Wi-Fi encryption has been compromised

You’re going to be seeing a lot of news today about a vulnerability reported in Wi-Fi Protected Access (WPA), the encryption scheme used to protect wireless networks. Ars Technica has a good technical breakdown of the flaw, dubbed KRACK, which affects pretty much all major platforms including, potentially, iOS and macOS.

I say “potentially” only because Apple hasn’t yet officially confirmed that the most current versions of its OSes are at risk. Other vendors, like Microsoft and Google, have acknowledged the vulnerability and are moving to release updates—Microsoft today for Windows and Google next month for Pixel devices, though other Android devices are potentially still at risk.

Protecting clients is only part of the solution, however; many wireless routers and access points will likely also need firmware updates to fully protect against the flaw. That said, it’s probably a bigger immediate security concern to protect mobile devices that are likely to be out in public and connecting to a variety of Wi-Fi networks. In order to exploit your home network, somebody would still need to use a device in physical proximity to your home—by no means impossible, but also not particularly probable.

This isn’t the first time that Wi-Fi security has been breached. The previous standard, WEP, was officially deprecated back in 2004 after significant vulnerabilities were detailed (though it does remain available on many products even today). The KRACK flaw is all the more serious given how much more prevalent Wi-Fi devices and networks are today than in 2004.

The long and short of it is that this is a critical vulnerability: as soon as updates are available for your devices, you should absolutely apply them.

Updated at 12:51pm Eastern with a more reasonable headline.

Update at 3:05pm Eastern: iMore’s Rene Ritchie says Apple told him the KRACK vulnerabilities are patched in the current betas of iOS, tvOS, watchOS, and macOS.

[Dan Moren is a tech writer, novelist, podcaster, and the Official Dan of Six Colors. You can email him at dan@sixcolors.com or find him on Twitter at @dmoren.]