Recently there has been a new WiFi exploit affecting all modern WiFi networks called “Krack”. Most modern networks use WPA or WPA 2 encryption which is what has been exploited, it allows an attacker to read data in WiFi traffic. The attack involves imitating a WPA 2 encrypted network and cloning the MAC address of the victim. This does mean the attacker has to be within a physical distance of the network, however for public networks available in many restaurants and airports for example, this can be a huge problem. Microsoft has been quick to comment on the matter and has already released a patch within Windows 10 which they claim addresses the issue.
Microsoft claim that if you apply the update released on October 10th or just have automatic updates enabled you will be protected, we would highly recommend you have automatic updates turned on during this vulnerable time to hopefully avoid any attacks. However, it is not just Microsoft users that have been affected; iOS, Android, and Linux have all been said to be vulnerable to this also. Google has said they will release a fix in “The coming weeks”.
It is unlikely you will be affected by the attack, but you should update all your devices to be sure. This exploit will likely give a public WiFi’s an even worse reputation for being unsafe. Some users now go as far to only connect to a public WiFi with a VPN to ensure maximum security. We will cover VPN’s in our next blog post.