KRACK attack: Here's how companies are responding

Some companies already have updates available to fix the Wi-Fi flaw, but others say it'll take a few weeks.

CNET staff

A serious Wi-Fi security flaw was revealed Monday, and it puts everything from your phone to your smart refrigerator at risk.

An exploit called KRACK, short for Key Reinstallation Attack, hits on a weakness in the code behind WPA2, a protocol that makes wireless connections work in practically every device. It was discovered by computer security academic Mathy Vanhoef and could allow hackers to eavesdrop on your network traffic, ZDNet reported on Monday.  

The most important thing you can do is update your devices as patches become available. While some companies already have patches available, others say it could take weeks. 

Here's a list of how companies and device makers have responded to KRACK so far.

Microsoft 

"Microsoft released security updates on October 10th and customers who have Windows Update enabled and applied the security updates, are protected automatically. We updated to protect customers as soon as possible, but as a responsible industry partner, we withheld disclosure until other vendors could develop and release updates."

Apple iOS and Mac

Apple confirmed it has a fix in beta for iOS, MacOS, WatchOS and TVOS, and will be rolling it out in a software update in a few weeks. 

Google Mobile

"We're aware of the issue, and we will be patching any affected devices in the coming weeks."  

Google Chromebook 

Wasn't available for comment.

Google Chromecast/Home/WiFi

"We're aware of the issue, and we will be patching any affected devices in the coming weeks."

Amazon Echo, FireTV and Kindle 

"We are in the process of reviewing which of our devices may contain this vulnerability and will be issuing patches where needed." 

Samsung Mobile

"As soon as we are notified of any potential vulnerabilities, we work closely to address those issues as quickly as possible. We are aware of this matter and will be rolling out patches to Samsung devices in the coming weeks."

Samsung TVs 

Wasn't available for comment.

Samsung Appliances

Wasn't available for comment.

Cisco

Wasn't available for comment. 

Linksys/Belkin 

"Belkin, Linksys, and Wemo are aware of the WPA vulnerability. Our security teams are verifying details and we will advise accordingly. Also know that we are committed to putting the customer first and are planning to post instructions on our security advisory page on what customers can do to update their products, if and when required."

Netgear  

"NETGEAR is aware of the recently publicized security exploit KRACK, which takes advantage of security vulnerabilities in WPA2 (WiFi Protected Access II). NETGEAR has published fixes for multiple products and is working on fixes for others. Please follow the security advisory for updates. 

"NETGEAR appreciates having security concerns brought to our attention and are constantly monitoring our products to get in front of the latest threats. Being pro-active rather than re-active to emerging security issues is a fundamental belief at NETGEAR.  

"To protect users, NETGEAR does not publicly announce security vulnerabilities until fixes are publicly available, nor are the exact details of such vulnerabilities released. Once fixes are available, NETGEAR will announce the vulnerabilities from NETGEAR Product Security web page."  

Eero

"We are aware of the KRACK flaw in the WPA2 security protocol. Our security team is currently working on a solution, and we expect to have more information available later today. We have built our cloud system to push over-the-air (OTA) updates for situations exactly like this, to ensure all of our customers get the most updated software available as quickly as possible with no action required on their part."

Here's Eero's blog post about the vulnerability. 

D-Link

"On Oct. 16, 2017, a WPA2 wireless protocol vulnerability was reported. D-Link immediately took actions to investigate the issues. This appears to be an industry-wide issue that will require firmware patches to be provided from the relevant semiconductor chipset manufacturers. D-Link has requested assistance from the chipset manufacturers. As soon as patches are received and validated from the chipset manufacturers, D-Link will post updates on its website support.dlink.com immediately."

TP-Link

The company released a statement here.

Verizon

Wasn't available for comment.

T-Mobile

Wasn't available for comment.

Sprint

"Since Sprint's network operates on CDMA and LTE technology, not Wi-Fi, the KRACK vulnerabilities are not direct threats to those wireless networks. However, similar to any large company that utilizes Wi-Fi for internal business, we have taken steps to address the vulnerability internally to protect the company."

Ecobee

Wasn't available for comment.

Nvidia

Wasn't available for comment.   

Intel

"Intel was notified by the Industry Consortium for Advancement of Security on the Internet (ICASI) and CERT CC of the identified Wi-Fi Protected Access II (WPA2) standard protocol vulnerability. Intel is an ICASI charter member and is part of the coordinated disclosure of this issue. 

"Intel is working with its customers and equipment manufacturers to implement and validate firmware and software updates that address the vulnerability. For more information, please refer to Intel's security advisory on this vulnerability - INTEL-SA-00101"  

AMD

Wasn't available for comment.

August

Wasn't available for comment.

Nest

"We are aware of the issue and will be rolling out patches to Nest products over the next couple weeks." 

Ring

Wasn't available for comment.

Honeywell

Wasn't available for comment.

ADT

Wasn't available for comment.

Comcast

Wasn't available for comment.

AT&T

Wasn't available for comment.

Spectrum 

Wasn't available for comment.

Vivint

Wasn't available for comment.

Lutron

Wasn't available for comment.

Lenovo

Wasn't available for comment.

Dell

Wasn't available for comment.

Roku

Wasn't available for comment.

LG Electronics

Wasn't available for comment.

LG Mobile

"Smartphone OEMs have to work very closely with Google to find solutions for OS-level vulnerabilities.

"Google is in the process of rolling out patches to carriers and manufacturers at this very moment but it takes time to cover all the major smartphone models.

"So it's hard to say exactly when a specific phone will get the fix but it's certainly being addressed."

LG Appliances

Wasn't available for comment.

GE

Wasn't available for comment.

Philips Hue  

"The KRACK attack is against devices using the Wi-Fi protocol. We recommend that consumers use secure Wi-Fi passwords and install the latest patches on their phones, computers and other Wi-Fi-enabled devices to prevent such attacks. Since Philips Hue does not itself support Wi-Fi directly, it does not need to be patched because of this attack. Further, all our cloud account APIs are protected using HTTPS which offers an additional layer of security which isn't affected by this attack."  

Kwikset 

Wasn't available for comment. 

Yale

Wasn't available for comment.

Schlage

Wasn't available for comment.

Rachio

Wasn't available for comment.

iHome

Wasn't available for comment.

Electrolux/Frigidaire  

Wasn't available for comment.

Netatmo  

Wasn't available for comment.

Roost

"All traffic to and from Roost devices is encrypted end-to-end using the latest SSL/TLS encryption. As such, we don't believe our devices are at risk of this attack. We suggest that our users follow the recommendations from the Wi-Fi Alliance to always use Wi-Fi encryption on their Access points and apply the latest software updates."  

Control4  

Wasn't available for comment.
