- Jul 22, 2014
- 2,525
In October, security researchers discovered a major vulnerability in a Wi-Fi's WPA2 security called "KRACK." This "Key Reinstallation Attack" can disrupt the initial encryption handshake that happens when an access point and a device first connect, allowing an attacker to read information assumed to be securely encrypted. It's possible to totally defeat WPA2 encryption using KRACK, allowing a third party to sniff all the Wi-Fi packets you're sending out. Any device that uses Wi-Fi and WPA2 is most likely vulnerable to the bug, which at this point is basically every wireless gadget on Earth.
Google and the rest of the OEMs are working to clean up Android's KRACK epidemic, and, on Monday, Google addressed the bug in the November Android Security Bulletin. A patch was posted this week to the Android Open Source Project (AOSP) repository, and, at the same time, Google started rolling out a November security update to Google Pixel and Nexus devices. But if you read the bulletin closely, you'll see the November security patch for Google devices does not contain the KRACK fix.
...
After contacting Google, we got word that Pixel and Nexus devices will only get patches covering the November 1 and 5 bulletins this month, and it seems Google has changed the ambiguous language in the security bulletin. We also have a bit of news: the KRACK vulnerability won't be patched on Google-branded devices until December. That's right, Pixel and Nexus owners will have to survive a whole extra month being vulnerable to KRACK. But this isn't as huge of a problem as you might imagine.
....
Google and the rest of the OEMs are working to clean up Android's KRACK epidemic, and, on Monday, Google addressed the bug in the November Android Security Bulletin. A patch was posted this week to the Android Open Source Project (AOSP) repository, and, at the same time, Google started rolling out a November security update to Google Pixel and Nexus devices. But if you read the bulletin closely, you'll see the November security patch for Google devices does not contain the KRACK fix.
...
After contacting Google, we got word that Pixel and Nexus devices will only get patches covering the November 1 and 5 bulletins this month, and it seems Google has changed the ambiguous language in the security bulletin. We also have a bit of news: the KRACK vulnerability won't be patched on Google-branded devices until December. That's right, Pixel and Nexus owners will have to survive a whole extra month being vulnerable to KRACK. But this isn't as huge of a problem as you might imagine.
....
