Last month, a particularly frightening Wi-Fi vulnerability became public. The vulnerability, which was discovered by two researchers at Universiteit Leuven in Belgium, is known as key reinstallation attacks (KRACK).
The scary thing about KRACK is that it attacks the WPA2 security standard itself, not any particular device or system. Thus, large parts of the Wi-Fi landscape are at risk. There is good news in that KRACK, according to the experts, is not too difficult to fix.
The question to consider now is whether the fixes are actually being made. The answer seems to be that the wireless sector is taking KRACK seriously. It is also acting with haste, which has not always been the case.
For instance, eWeek reported today that Apple has updated the iOS and macOS operating systems to address the problem. The story says that Mathy Vanhoef, one of the researchers who discovered the vulnerability, has been working on the problem with the U.S. Computer Emergency Readiness Team/Coordination Center (CERT/CC) since late August. Many major players, such as Samsung, Intel and Microsoft, had patches in hand at the time KRACK was made public.
Another example of a company reacting quickly to KRACK is Rockwell Automation. Threatpost reports that the company has patched its Stratix wireless access point. Indeed, most major vendors in the commercial and industrial controls sectors have addressed the problem. This piece dates Vanhoef's communications with vendors even earlier. It says that his outreach on the problem began in July.
Consumer-facing gear is also being updated. For instance, Droid Life points to an update to the Galaxy S and S8.
There are other reports of companies doing what is necessary to combat KRACK. The bottom line is that the industry is reacting proactively and seems well on the way to blunting the threat. This is good news on the specific and general levels. Of course, the immediate goal of protecting users against a vulnerability in the standard is a major effort. On the higher level, the reaction is gratifying. It demonstrates that the channel through which information and, eventually, fixes flow is in better shape and is more responsive than it was a few years ago.
Carl Weinschenk covers telecom for IT Business Edge. He writes about wireless technology, disaster recovery/business continuity, cellular services, the Internet of Things, machine-to-machine communications and other emerging technologies and platforms. He also covers net neutrality and related regulatory issues. Weinschenk has written about the phone companies, cable operators and related companies for decades and is senior editor of Broadband Technology Report. He can be reached at firstname.lastname@example.org and via Twitter at @DailyMusicBrk.