Apple, Google, Microsoft and other technology firms have been rushing to address issues relating to the Krack WiFi security vulnerability—a flaw that puts any person using wireless internet at risk of being hacked.
Technology firms acknowledged problems with the WPA2 encryption used on all modern WiFi routers, with some announcing that they had already patched the Krack WiFi exploit prior to it being disclosed by cybersecurity expert Mathy Vanhoef on Monday.
“Microsoft released security updates on October 19 and customers who have Windows Update enabled and applied the security updates, are protected automatically,” the company said in a statement.
“We updated to protect customers as soon as possible, but as a responsible industry partner, we withheld disclosure until other vendors could develop and release updates.”
Apple also claims to have fixed the issue in certain versions of its operating systems, including iOS used on iPhones and watch OS used on the Apple Watch, and macOS used on Apple Macs. The patches, however, are mostly only available for trial versions of the software, and therefore only available for developers.
Google is yet to issue any fixes for the Krack attack method, saying in a statement on Monday that it is working on ways to resolve it.
“We’re aware of the issue, and we will be patching any affected devices in the coming weeks,” the Silicon Valley giant said in a statement.
The weaknesses discovered in WPA2 mean that hackers can launch cyberattacks on people using a WiFi network if they themselves are within range. If successfully exploited, Krack—which stands for Key Reinstallation Attack—could give attackers access to a user’s credit card details, passwords, emails, messages, photos and other personal data.
Security researchers have described the security flaw as “unprecedented” in its scope, warning that WiFi users should take measures to protect themselves and their devices from hackers. However they say that it is still up to the major technology companies to issue their own solutions in order to properly address the problem.
“The security industry will chase vulnerabilities for the foreseeable future, and bad actors will continue to find and exploit new ones,” Lisa Baergen, director at NuData Security, said in a statement.
“In the short term, consumers must vigilantly manage their router patches and settings, and organizations must tune their defenses. Ultimately, the only way to break this otherwise endless cycle is for organizations to fundamentally de-value stolen consumer data by stripping it of its usability.”
Until then, people are advised to avoid public WiFi networks and websites that don’t use the secure HTTPS protocol. Any available security updates should also be installed to devices and routers in order to best protect themselves from the Krack security bug.