Google Patches KRACK Vulnerability in Android



Last month I wrote about how researchers broke Wi-Fi's most popular encryption, leaving millions of devices prone to the KRACK attack. KRACK is a serious flaw as it affects the WPA2 protocol.


But I have good news today. Tech giant Google has published this month's Android security bulletin, and the company provided a fix for the KRACK vulnerability that came to light last month.

The Android Security Bulletin for November 2017 is split into three separate packages: 2017-11-01, 2017-11-05, and 2017-11-06. The KRACK fixes are included in the last of these, 2017-11-06.

If your phone receives the update and the security patch level is 2017-11-06, the KRACK fixes are also included.
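One way to run that check across several devices, as an added example that is not part of the original post or Google's bulletin: it assumes the patch level is read with `adb shell getprop ro.build.version.security_patch` on devices you administer, and that a later patch level includes every earlier level's fixes. The serials in the inventory are constructed sample data.

```shell
#!/bin/sh
# Patch level that carries the KRACK fixes, per the November 2017 bulletin.
KRACK_FIXED_LEVEL="2017-11-06"

# Classify one patch-level string: patched, unpatched or unknown.
krack_status() {
    level=$1
    # Patch levels are ISO dates (YYYY-MM-DD). An empty or malformed value
    # (property missing on old builds, vendor oddities) is reported as unknown.
    case $level in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo unknown; return 0 ;;
    esac
    # Assumption: a later patch level includes every earlier level's fixes.
    # Zero-padded dates compare chronologically once the dashes are removed.
    have=$(printf '%s\n' "$level" | sed 's/-//g')
    need=$(printf '%s\n' "$KRACK_FIXED_LEVEL" | sed 's/-//g')
    if [ "$have" -ge "$need" ]; then echo patched; else echo unpatched; fi
}

# Read the patch level from a device you administer over adb.
# Not called below, so the script runs without a device attached.
adb_patch_level() {
    adb -s "$1" shell getprop ro.build.version.security_patch | tr -d '\r'
}

# Read "serial level" lines on stdin, print "serial level status".
audit_inventory() {
    while read -r serial level; do
        [ -n "$serial" ] || continue
        printf '%s %s %s\n' "$serial" "${level:--}" "$(krack_status "$level")"
    done
}

# Constructed sample inventory (not real devices); the last entry has no level.
SAMPLE_INVENTORY='emulator-5554 2017-11-06
TESTSERIAL01 2017-11-05
TESTSERIAL02 2017-10-01
TESTSERIAL03 2018-01-05
TESTSERIAL04'

printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory
```

Devices reporting 2017-11-01 or 2017-11-05 have received a November update but are still listed as unpatched, because only the 2017-11-06 package carries the KRACK fixes.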

It is worth noting that Microsoft silently deployed KRACK fixes to Windows users, without telling anyone, a month before the vulnerability became public. Apple released KRACK patches at the end of October, as part of iOS 11.1 and macOS High Sierra 10.13.1.

Google is in fact the last major vendor to release a fix for the KRACK vulnerability.

Details About The Attack


The bug, known as "KRACK" for Key Reinstallation Attack, exposes a fundamental flaw in WPA2, a common protocol used in securing most modern wireless networks. Mathy Vanhoef, the computer security academic who found the flaw, said the weakness lies in the protocol's four-way handshake, which securely allows new devices with a pre-shared password to join the network.

That weakness can, at its worst, allow an attacker to decrypt network traffic from a WPA2-enabled device, hijack connections, and inject content into the traffic stream.

In other words: hackers can eavesdrop on your network traffic.