Google today released its Android security patch for the month of November. Aside from bringing fixes for countless bugs discovered in its operating system, the patch also brings the fix for the widespread Wi-Fi vulnerability known as Krack. It’s a weakness in the WPA2 security protocol for Wi-Fi networks. Discovered several weeks ago, Google has now finally patched Krack on Android devices.
Security researchers detailed their findings about the Krack Wi-Fi vulnerability in mid-October. Attackers could eavesdrop on traffic between a computer and an access point, traffic that was assumed to be encrypted. The exploit would have enabled them to remotely inject code into target devices and even steal data.
Given that Krack was a vulerability in the Wi-Fi security protocol, it meant that any Wi-Fi-enabled device was most likely vulnerable. The researchers did point out that Linux and Android 6.0+ devices were particularly vulnerable as they could be duped into installing an all-zero encryption key.
Google has patched this vulnerability for devices running Android 5.0.2 Lollipop and up. Now that it has released the patch for Krack, its OEM partners will combine this with their own security releases and roll out the Krack patch for countless Android-powered devices across the globe.
It’s going to take a couple of weeks, though, because that’s just how the update process works on Android devices.
Filed in Hacking. Source: source.android
. Read more about