Information Security


WPA2 key reinstallation attacks (KRACKs)

Tuesday, October 17, 2017

Security researchers have disclosed a vulnerability in the handshake mechanism underpinning the WPA2 (Wi-Fi Protected Access) protocol.

The class of attack has been named 'key reinstallation attacks' (KRACKs).

The vulnerability potentially allows an attacker to decrypt packets sent by clients.

Mitigation of the vulnerability will require patching software on clients (i.e. on laptops, phones and tablets). Linux systems, notably Android, are known to be vulnerable. The vulnerability does not allow the shared secret (password) to be compromised. Although access point vendors are releasing firmware patches, these only address a limited use case of the vulnerability related to fast roaming.
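Why the fix has to land on the client can be seen in a small model of the client's handshake state, added here as an illustration and not taken from the article or from any vendor's code. The `Supplicant` class, the `simulate` helper and the HMAC-based keystream (a stand-in for AES-CCMP counter mode) are all constructed for this example. The defect modelled is the client reinstalling an already-installed key when message 3 of the 4-way handshake arrives a second time, which resets the packet number used as the encryption nonce; the hardened variant simply refuses to reinstall a key that is already in place, so the nonce keeps counting.

```python
import hashlib
import hmac

# Two constructed data frames of equal length, encrypted under the same session key.
PLAINTEXT_A = b"first data frame"
PLAINTEXT_B = b"second frame 123"


def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Toy counter-mode keystream: HMAC-SHA256(key, nonce || block counter).

    Constructed stand-in for CCMP's AES-CTR keystream. The only property that
    matters here is shared with the real cipher: the same (key, nonce) pair
    always yields the same keystream.
    """
    out = b""
    block = 0
    while len(out) < length:
        msg = nonce.to_bytes(6, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Supplicant:
    """Minimal model of a client's handling of message 3 of the 4-way handshake."""

    def __init__(self, ignore_reinstall: bool):
        # True models the patched behaviour; False the unpatched one.
        self.ignore_reinstall = ignore_reinstall
        self.ptk = None
        self.packet_number = 0  # CCMP packet number (nonce); must never repeat under one key

    def install_key(self, ptk: bytes) -> None:
        # Installing a key resets the packet number to its initial value.
        self.ptk = ptk
        self.packet_number = 0

    def on_message3(self, ptk: bytes) -> bool:
        """Handle message 3. Returns True if the key was (re)installed."""
        if self.ignore_reinstall and self.ptk == ptk:
            # Hardened: the retransmission is acknowledged but key state is untouched.
            return False
        # Unpatched: every copy of message 3 reinstalls the key and resets the nonce.
        self.install_key(ptk)
        return True

    def encrypt(self, plaintext: bytes) -> tuple:
        """Encrypt one frame; returns (packet_number, ciphertext)."""
        self.packet_number += 1
        ks = keystream(self.ptk, self.packet_number, len(plaintext))
        return self.packet_number, xor(plaintext, ks)


def simulate(ignore_reinstall: bool) -> dict:
    """Run one handshake, one frame, a repeated message 3, then a second frame."""
    client = Supplicant(ignore_reinstall)
    ptk = hashlib.sha256(b"constructed PTK for the example").digest()
    client.on_message3(ptk)                    # normal handshake: key installed
    pn_a, ct_a = client.encrypt(PLAINTEXT_A)   # first data frame under this key
    client.on_message3(ptk)                    # message 3 arrives a second time
    pn_b, ct_b = client.encrypt(PLAINTEXT_B)   # next data frame
    return {
        # Same packet number twice means the same keystream was used twice.
        "nonce_reused": pn_a == pn_b,
        # With a reused keystream, XOR of ciphertexts equals XOR of plaintexts,
        # which is what lets an observer recover frame contents.
        "plaintext_xor_leaks": xor(ct_a, ct_b) == xor(PLAINTEXT_A, PLAINTEXT_B),
    }


if __name__ == "__main__":
    print("unpatched client:", simulate(ignore_reinstall=False))
    print("patched client:  ", simulate(ignore_reinstall=True))
```

The unpatched model reports both flags as true; the patched one reports both as false. Nothing in the access point's firmware is involved in this decision, which is why an access point patch (outside the fast-roaming case the article mentions) does not protect an unpatched client.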

For more information see the article at


Apple has patched the KRACK vulnerability with the release of macOS High Sierra 10.13.1. Similar updates are also available for macOS Sierra 10.12.6 and OS X El Capitan 10.11.6. Microsoft patched the vulnerability around the 10th of October (their routine 'Patch Tuesday' for October).