The so-called Krack attack affects almost every wireless device, making them vulnerable to hijacked internet connections. And with the Internet of Things currently booming, with more devices than ever connected to Wi-Fi, it can’t get much worse.

The extent of the Krack consequences are yet to be fully identified; some major platforms like Windows and iOS have already been patched, however there are millions of IoT devices that will probably never be fixed, meaning the fallout of Krack could continue for years to come.

There’s all sorts of advice circulating the internet about how to deal with Krack, but only one that has real benefit: Patching. The following companies have released patches already, which can be downloaded to your device right now to fix the vulnerability.

• Apple
• Arch Linux: WPA Supplicant patch, Hostapd patch
• Aruba
• Cisco Meraki
• DD-WRT
• Debian/Ubuntu
• Eero
• Fortinet
• Intel
• LEDE/OpenWrt
• Microsoft
• MikroTik
• Netgear: Only some products fixed, others remain vulnerable
• Open Mesh
• Ubiqiti
• Raspberry Pi (Jessie, Stretch)
• Synology
• Tanaza
• Watchguard Cloud

The following vendors have been listed as “not affected” on the CERT website:

• Arista
• Lenovo
• VMWare

If you have a Windows computer, Mac or iPhone, you should patch these straight away. Android devices aren’t all currently covered by a fix, but these should be released in time.

Routers, security cameras, smart kettles… Well those are a little trickier. Experts are claiming that these sorts of devices could be vulnerable for 20 years from now. This is because IoT devices very rarely correct their security issues with software updates. In most cases, the best bet is to replace the equipment with patched alternatives.
Even when patches are released, the difficulty doesn’t end there. The company has limited ways of informing the customer, as well as educating on how to perform the update, as every device will be patched differently.
Aside from the confidentiality and data breach matter, IoT devices present a different kind of threat. Depending on the type of device you own, cyber criminals could unlock your door or cut off your lighting. Until the hardware has been upgraded, the chances are these devices will remain vulnerable for years.

So what can you do right now?

• Keep using the WPA2 protocol for your networks, it’s still the most secure option available for most wireless networks.
• Update all your devices and operating systems to the latest versions.
• Be aware that Krack is a mainly a local vulnerability, meaning attackers need to be within range of a wireless network. Passwords won’t protect your network either.
• Avoid using public Wi-Fi networks at all costs – you never know who else could be connected!

If you’d like find out more information about cyber security and specifically patching your devices, get in touch with us today.