Yesterday, a new Wi-Fi vulnerability was discovered called KRACK. This affects almost all computers which connect to the internet over Wi-Fi irrespective of which Router one is using. This also includes those which are secured. This vulnerability allowed hackers to inject malicious content, and even manipulate data and huge possibility of injecting malware like Ransomware.
Multiple conditions would need to be met in order for an attacker to exploit the vulnerability – the attacker would need to be within the physical proximity of the targeted user, and the user’s computer would need to have wireless networking enabled. The attacker would then need to execute a man-in-the-middle (MitM) attack to intercept traffic between the target computer and wireless access point.
Thankfully those on Windows PC are safe as Microsoft had already rolled out a security patch on October 10th (Tuesday Patch). It’s not a zero-day vulnerability and most of the companies were informed about it so they can work on the fix, and roll out an update for their product. The best part of the Microsoft patch is that they are backward compatible. If you have updated your PC using the Microsoft Patch, and connect to a wireless router it still keeps you safe.
However, since the spoofing targets client, and not access points, it does not matter which router you are connected to.
When the vulnerability was discovered, it was reported that there are already 40% Android devices which were affected, and only those who own the pure android experience might get faster update compared to those who are on custom ROM.