*For various interpretations of “Up to date.” (credit: Ron Amadeo)
In October, security researchers discovered a major vulnerability in Wi-Fi’s WPA2 security called “KRACK.” This “Key Reinstallation Attack” can disrupt the initial encryption handshake that happens when an access point and a device first connect, allowing an attacker to read information assumed to be securely encrypted.
It’s possible to totally defeat WPA2 encryption using KRACK, allowing a third party to sniff all the Wi-Fi packets you’re sending out.

Any device that uses Wi-Fi and WPA2 is most likely vulnerable to the bug, which at this point is basically every wireless gadget on Earth.
Google and the rest of the OEMs are working to clean up Android’s KRACK epidemic, and on Monday, Google addressed the bug in the November Android Security Bulletin.

A patch was posted this week to the Android Open Source Project (AOSP) repository, and at the same time, Google started rolling out a November security update to Google Pixel and Nexus devices.

But if you read the bulletin closely, you’ll see the November security patch for Google devices does not contain the KRACK fix.
Google’s Android security bulletin is not the clearest thing on Earth.

The company posted three different general Android security bulletins for November on Monday, labeled “2017-11-01,” “2017-11-05,” and “2017-11-06.” The Pixel/Nexus-specific security page mentions that Google is pushing out only the “11-05” update to devices, leaving OEMs to deal with the rest. However, Google also had language saying the “11-05” release “addresses all issues in the November 2017 Android Security Bulletin,” which would suggest a KRACK fix.