KRACK Wifi exploit

Networking and broadband talkabout. Need help with that new router or setting up a network?
Post Reply
User avatar
FlyingPenguin
Flightless Bird
Posts: 32773
Joined: Wed Nov 22, 2000 11:13 am
Location: Central Florida
Contact:

KRACK Wifi exploit

Post by FlyingPenguin »

A LOT of bad misinformation out there.

Bottom line: This is a CLIENT side bug. It has nothing to do with the router (only exception would be if you're using a router as a repeater, in which case the repeater IS a client, and yeah, wouldn't hurt to update the repeater router's firmware).

This bug has already been fixed in all major operating systems EXCEPT Android. And since vendors are so slow to patch Android, you can pretty much assume it may never get patched on any phones more than a few years old.

It is NOT a big deal, though. For someone to take advantage of this, they would need to perform a man in the middle wifi attack. They would have to be connected to the same wifi network. Also, if you're on an HTTPS connection (which most sites use now) they can't read your traffic except by performing a very complicated man in the middle certificate spoof.

IOT devices are likely affected, but again any well designed IOT device from a reputable vendor will be using SSL and can't be intercepted.
"Turns out I’m 'woke.' All along, I thought I was just compassionate, kind, and good at history. "

Image
Post Reply