<center>
![wifi.png](https://steemitimages.com/DQmZ5neRdLNgcD53u2j3Uhy6vgttMrPLcjmVE9s4JBibv2T/wifi.png)
</center>

There are a few posts about this already but for those who haven't heard yet, the last days have seen a serious vulnerability discovered in the (WPA2) protocol that is widely used to secure most Wi-Fi networks.    

[above image credit](https://char.gd/blog/2017/wifi-has-been-broken-heres-the-companies-that-have-already-fixed-it)

From [here](https://github.com/kristate/krackinfo) & [here](https://www.krackattacks.com/)...

<blockquote>
In a key reinstallation attack, the adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstalls the key, associated parameters such as the incremental transmit packet number (i.e. nonce) and receive packet number (i.e. replay counter) are reset to their initial value. Essentially, to guarantee security, a key should only be installed and used once. Unfortunately, we found this is not guaranteed by the WPA2 protocol. By manipulating cryptographic handshakes, we can abuse this weakness in practice.
</blockquote>

**Unless a known patch has been applied, assume that all WPA2 enabled Wi-fi devices are vulnerable.**

This vulnerability makes it possible for a hacker in proximity to a WPA2 protected Wi-Fi network (in your home, the airport, coffee shop, etc.)  to intercept your transmissions and obtain your sensitive exchanges including passwords, account numbers and other important information.
<center>
![logo-small.png](https://steemitimages.com/DQmRqmpMxB9zZEnhDgbtQb1YUmPDbaEzsxrmCbVAWhktPvX/logo-small.png)
[credit](https://char.gd/blog/2017/wifi-has-been-broken-heres-the-companies-that-have-already-fixed-it)
</center>
IT teams globally are in the process of patching corporate Wi-Fi service infrastructure and distributing patches for Microsoft endpoint devices (laptops) which provide protection from this vulnerability.  For non-managed user devices, including those running Android, Apple iOS, MacOS and Linux, the following precautions or actions are recommended:

* Review the additional information on the KRACK vulnerability and the vendors who have patches available or coming soon, at sites [like this](https://char.gd/blog/2017/wifi-has-been-broken-heres-the-companies-that-have-already-fixed-it).
* Update the firmware of your home Wi-Fi router, or call your service provider to get your router updated if they are the ones who support it.  Always keep these devices updated.
* Avoid if possible using unfamiliar Wi-Fi networks in the near term, where the status of this vulnerability is unknown. This would include most public (airports, cities, etc.) and private (hotels, service providers) Wi-Fi services.  Over time most Wi-Fi networks will be updated to remove this vulnerability, but it takes time.  
* Avoid logging into bank accounts, financial institutions, work accounts, etc. over Wi-Fi if you want to be certain that your information will not be intercepted. Access any accounts over a wired (ethernet) connection to protect yourself.
* If you must use Wi-Fi, ensure that you are connecting to an SSL/TLS secured website (i.e. sites using https: instead of just http:) which will provide adequate protection for your transactions. Browsers typically have an indicator such as a lock icon to identify an https (SSL/TLS secured) connection.
* Update your self-managed mobile, laptop, home PC and IoT devices:   
   * Apple will release a fix for iOS devices and MacOS devices shortly, so be sure to download and update these as soon as possible.
   * Microsoft released a fix for Windows devices on Oct. 10.
   * Android devices are particularly vulnerable. Google indicated that the fix for KRACK would arrive as part of next month's Android security updates, so be especially cautious until these security updates become available and have been downloaded. 
   * Linux devices may use a number of different distributions. Most have information or patches available.  Check the web regarding your particular distribution and when a fix will become available.  
    * IoT devices are also vulnerable if they use Wi-Fi to connect to the Internet. Check with your personal device’s manufacturer for any update instructions. 

The most important part to resolve the vulnerability is to patch the “client” ie laptop, phone etc end.  However, ideally, all Wifi routers should have their firmware updated as well to complete the patching, but isn’t as critical. Many home Wifi/ADSL router manufacturers have not released a patch yet and I suspect many older routers will never be patched. If it is managed by your ISP, you may wish to contact them for information. As long as your computer/mobile device is patched you should be safe though. 

 For those interested, the Windows patches required are below: -

    Windows 10 build 1511 = KB4041689
    Windows 10 build 1607 = KB4041691
    Windows 10 build 1703 = KB4041676
    Windows 7 = KB4041678 and KB4041681

You can find whether this patch has installed by going to control panel > programs and features > Installed Updates: if you see the required patch(s) above for your Operating system then you are patched.

![unnamed.jpg](https://steemitimages.com/DQmZRXMMJABoVUkBUxyVot9AYjbKZTYetW2gJwUCmTVVsbA/unnamed.jpg)