Browni copy and paste (KRACK patches) in to your internet browser.

You will find plenty of patches that have been made available by the likes of Microsoft and Apple. If you read some of the articles you will see that the vendors where informed of the threat before it was made public. 

Here's some hopefully helpful guidance notes for consumer users on the Krack exploit and some practical mitigation steps that can be taken until fixes are rolled out to both client devices and routers.

Who is at risk?

All unpatched WiFi connected devices using WPA2 are potentially affected, however the highest risk group are currently those using android 6+ phones and tablets due to the numbers of devices involved and ease of decryption.

Where am I most at risk?

The highest risk environment is in public spaces using using free WiFi connections, also high density domestic WiFi environments.

What is at risk?

Capture of sensitive and personal data, potential to hijack and spoof connection. The use of HTTPS does not guarantee security on all websites.

What can I do ?

Mobile devices - eg phones , tablets , laptops.

Switch off WiFi and use a 3G or 4G mobile data connection.

If your mobile device only has WiFi, connect to a very local secure WiFi hotspot owned by you , tethering to the internet via a mobile data connection , this should help reduce, but not eliminate the risk.

Fixed devices - eg desktops , games platforms , smart TVs

Use a wired connection , direct Ethernet or via Powerline adaptors
This will not only improve security , performance should benefit as well.

Comments and suggestions to improve these notes are welcomed.

I suspect patches for routers might not be forthcoming. Firstly, routers are not particularly vulnerable unless they are secondary devices connecting by wi-fi to another as an access point. That is a rare scenario only likely to happen in larger premises which are already public (hotels where they have not wired their routers together, for instance) or private (larger houses where the opportunity for an eavesdropper to get close might be more limited). A single router in a typical suburban house or city flat shouldn't be vulnerable. Secondly, routers can have a much longer life than envisaged. The expected life is around 5 years but they are solid state devices and can last a lot longer than that in a cool climate. Many that are giving good service are therefore considered obsolete by their makers. Do we really expect every manufacturer to release patches for every router they've ever made for every ISP's custom edition of the firmware? They clearly couldn't afford that as the personnel required would be huge.

Thirdly, most users wouldn't know how to apply the patch and ISP's would have to find out which customers were still using the ISP-provided router if they were to try to apply the patch remotely. Fourthly, users would probably need a computer running Windows to apply the patch. Those are less common than they used to be.

All for something most users won't need anyway. It's client devices, not access points, which need patching. Apple, Linux and Windows have already done that, leaving Android the only vulnerable devices and many of those, still giving faithful service, are considered obsolete, which is where the real problem lies.

---

@Protech wrote:
<snip>

Comments and suggestions to improve these notes are welcomed.

---

It occurs to me that WiFi-connected printers are potentially vulnerable too.

We can't rely on the printer makers to patch their products, so maybe the safest thing to do is to take our printers off WiFi and connect by USB (assuming that's an option).

The fun starts when the tools are shared!

DD-WRT 33607 Brainslayer build just dropped for those using/wanting it.

Quote:-  "they need to be in range of your wireless signal. (look outside of dodgy types sitting on your garden bench with a laptop)". Thanks for that Mando. Never did get on with the guy next door who is an I.T. techie: 

I live in a quiet residential street and I'm within range of six of my neighbours' WiFi routers (BT routers seem popular around here - and BT pride themselves on the range of their WiFi ...). I'm not vulnerable to them, but they are vulnerable to me. Should I tell them?

If you think I would be unlikely to catch them connecting? When we get a power cut (which we do, occasionally, and it affects the whole street) all their routers go down and come back up at the same time and I know when it happens. My laptop will still be running ...

Lucky for the neighbourhood that I'm honest. Can't vouch for the neighbours' teenage sons, though..

Yes, it is a router problem too.

When I asked Customer Service aka Technical Support, about KRACK & also the USB Port on the Hub One Modem Router, I was told they do not support the HubOne Router.