By Anthony Cuthbertson Newsweek
Apple, Google, Microsoft and other technology companies have been rushing to address issues related to the Krack Wi-Fi security vulnerability—a flaw that puts any person using wireless internet at risk of being hacked.
Technology companies acknowledged problems with the WPA2 encryption used on all modern Wi-Fi routers, with some announcing they had already patched the Krack Wi-Fi exploit prior to it being disclosed by cybersecurity expert Mathy Vanhoef on Monday.
“Microsoft released security updates on October 19 and customers who have Windows Update enabled and applied the security updates are protected automatically,” the company said in a statement. “We updated to protect customers as soon as possible, but as a responsible industry partner, we withheld disclosure until other vendors could develop and release updates.”
Apple also claims to have fixed the issue in certain versions of its operating systems, including iOS used on iPhones and watch OS used on the Apple Watch, and macOS used on Apple Macs. The patches, however, are mostly available only for trial versions of the software and therefore are available only for developers.
Google has yet to issue any fixes for the Krack attack method, saying in a statement on Monday that it is working on ways to resolve it.
“We’re aware of the issue, and we will be patching any affected devices in the coming weeks,” the Silicon Valley giant said in a statement.
The weaknesses discovered in WPA2 mean that hackers can launch cyberattacks on people using a Wi-Fi network if they are within range. If successfully exploited, Krack—which stands for Key Reinstallation Attack—could give attackers access to a user’s credit card details, passwords, emails, messages, photos and other personal data.
Security researchers have described the security flaw as “unprecedented” in its scope, warning that Wi-Fi users should take measures to protect themselves and their devices from hackers. However, they say that it is still up to the major technology companies to issue their own solutions in order to properly address the problem.
“The security industry will chase vulnerabilities for the foreseeable future, and bad actors will continue to find and exploit new ones,” Lisa Baergen, director at NuData Security, said in a statement.
“In the short term, consumers must vigilantly manage their router patches and settings, and organizations must tune their defenses. Ultimately, the only way to break this otherwise endless cycle is for organizations to fundamentally de-value stolen consumer data by stripping it of its usability,” she said.
Until then, people are advised to avoid public Wi-Fi networks and websites that don’t use the secure HTTPS protocol. Any available security updates should also be installed to devices and routers to best protect users from the Krack security bug.