‘Krack’ WPA2 Vulnerability
What is it about?
A weakness has been discovered in the WPA2 wifi security protocol that makes it possible for someone to eavesdrop on and read your wifi traffic. It is also possible, but unlikely, that such an attacker could send malicious data to your device (PC/phone/tablet/etc.).
What devices are affected?
This is an issue that affects the client end of a wifi connection. In a wifi connection from your PC (phone/tablet/etc.) to a wifi router, the PC end is the client and the router end is the infrastructure access point. Clients are the issue here, primarily devices using Android, Linux, Apple and Windows.
So do I have to do anything about my wifi router or access point?
This security issue is with the client device so a normal wifi router running normal access point mode isn't the problem. The only time when it might matter is if you use the access point or wifi router in some form of wifi repeater mode. Wifi repeater mode means your wifi router runs as an access point (AP) AND a client at the same time. In ‘normal’ use of a router/AP the issue would never arise. If you are using access points as wifi repeaters then this might be a problem.
So what should I do?
Since this is a client issue, ensure you apply any OS updates for your client device (Windows/Android/iOS/etc.) as they become available. Windows already has a patch available to download. If you are running your wifi access points as repeaters then please wait for new firmware from your supplier.
Should I be worried?
The vast majority of bank and shopping sites use an SSL (HTTPS) website connection, which means the data is encrypted at the client device before being sent over the wifi connection. It's good enough for banks so it should be considered secure! There is the issue of using public wifi, but please remember this is a client issue, so as long as your client device is up to date that shouldn't be a problem.
For More Information
The website https://www.krackattacks.com/ provides a detailed summary of the issue along with links to the research paper and tools detailing the vulnerability.
We will add more vendor statements as we get them.