Security researchers have found a devastating flaw in the WPA2 Wi-Fi encryption protocol that makes it possible for hackers to intercept your sensitive information. This vulnerability, named KRACK (Key Reinstallation Attack), affects the Wi-Fi protocol itself and not a specific product or implementation. An attacker within range of a victim can exploit these weaknesses.
KRACK targets the third step in the four-way authentication "handshake" performed when a Wi-Fi client attempts to connect to a protected network. This can allow attackers to steal information, including your credit card and confidential data.
To protect against this flaw, major OS and router vendors are working round the clock to provide a patch. Apply the patch as soon as possible. Meanwhile, do not share any personal or confidential information on a non-secure website, and use only secure (HTTPS) sites.
Also avoid using free hotspots, or use a secure VPN or connection like GajShield Enterprise Cloud if you must use a Wi-Fi network.
Our research team is working in our labs to gain more information about the latest KRACK attacks and will keep you updated on the future course of action. Until then, keep a close watch for any updates or patches released for your affected products and apply them as soon as possible.
Latest information on KRACK, by company
- Arch Linux - svntogit/packages.git - svntogit/community.git
- Aruba Networks - WPA2 Security - Software Patches
- D-Link - Response to KRACK :: WPA2 Key Reinstallation Attack Security Vulnerability
- Espressif Systems - Patches
- Fedora 25 - Security update in Fedora 25 for wpa_supplicant
- Fortinet - WPA2 Has Been Broken. What Now?
- Intel - Updates drivers
- GajShield - Not affected by KRACK
- Meraki - 802.11r Vulnerability (CVE: 2017-13082) FAQ
- Microchip Technology - VU#228519 - Wi-Fi Protected Access II (WPA2) Vulnerabilities
- Microsoft - Patches
- Mikrotik - RouterOS (v6.39.3, v6.40.4, v6.41rc) NOT affected by WPA2 vulnerabilities
- Netgear - Security Advisory for WPA-2 Vulnerabilities
- OpenBSD - Errata patches for wireless stack have been released for 6.1 and 6.0.
- SonicWall - Awaiting advisory
- Sophos - Sophos UTM Wireless, Sophos Firewall Wireless, Sophos Central Wireless, and Cyberoam Wireless products are affected by the Krack vulnerability. Updates for these products will be released soon.
- TP-Link - Awaiting advisory
- Ubiquiti - USN-3455-1: wpa_supplicant and hostapd vulnerabilities
- WatchGuard - WPA and WPA2 Vulnerabilities Update
- Zyxel - Zyxel security advisory for the key management vulnerabilities of WPA2 protocol