Microsoft says it has already patched the fixed a Wi-Fi exploit problem that affecting all modern Wi-Fi networks using WPA or WPA 2 encryption.
Researchers on Monday revealed details of a new exploit called KRACK that takes advantage of vulnerabilities in Wi-Fi security to let attackers eavesdrop on traffic between computers and wireless access points. The exploit takes advantage of several key management vulnerabilities in the WPA2 security protocol, the popular authentication scheme used to protect personal and enterprise Wi-Fi networks.
The researchers noted that 41 percent of all Android devices are vulnerable to an "exceptionally devastating" variant of the Wi-Fi attack. All Wi-Fi devices are to some degree susceptible to the vulnerabilities making them ripe for data theft or ransomware code injection from any malicious attacker within range. The researchers recommend patching all Wi-Fi clients and access points when the fixes are available and to continue using WPA2 until then (WPA1 is also affected and WEP security is even worse).
Technology companies are starting to respond to the Wi-Fi exploit.
Microsoft says it has already fixed the problem for customers running supported versions of Windows. "We have released a security update to address this issue," said a Microsoft spokesperson. "Customers who apply the update, or have automatic updates enabled, will be protected. We continue to encourage customers to turn on automatic updates to help ensure they are protected." Microsoft says the Windows updates released on October 10th protect customers, and the company "withheld disclosure until other vendors could develop and release updates."
Google has promised a fix for affected devices "in the coming weeks."
Apple said the security vulnerability has been fixed in the beta versions of the next software updates to iOS, macOS, watchOS, and tvOS. These releases are expected this month.
Have in mind that the specific Wi-Fi bug is both hard to exploit and hard to fix: nearly every device that uses Wi-Fi is vulnerable, but the attack itself is difficult to execute and not as damaging as you might expect. Taking advantage of this bug would take a lot of preparation and a very specific target. An attacker would have to be within Wi-Fi range to carry out any of those exploits, which dramatically reduces the risk that an average person will be targeted.
Unfortunately, because WPA2 is so widespread, researchers predict that nearly every device that uses Wi-Fi will be vulnerable in some way. That starts with computers and phones, but also your router and any other device that plays a part in your home Wi-Fi network. Beyond computers and phones, it's time to take a look at every Wi-Fi-enabled device you own, and checking on software updates for those devices in the weeks to come.