Opinion: KRACK makes it clear who is and who isn't ready for the next big cyber security crisis

Credit: Dmitry Kalinovsky | Dreamstime

If there’s any solace to be found in this week’s widespread concern over Wi-Fi vulnerability, KRACK, it’s that the outbreak has given both vendors and consumers some valuable insights into who is, and who isn’t, prepared for The Next Big Cyber Security Scare.

If you somehow missed all the news about KRACK this week, here’s a good summary.

As far as worst-case cybersecurity scenarios go, KRACK is as far-reaching as these things come. Everything uses WPA2: smartphones, smartwatches, laptops, desktops, tablets, eReaders, networked speakers, cameras, smart TVs and more. Odds are, if something has been branded as “smart”, it probably uses WPA2 authentication - which means it's now potentially-compromised.

Utilising the vulnerability, attackers can bypass ordinary Wi-Fi encryption and steal everything from credit card numbers to passwords to emails to photos and chat messages. The “potentially” here refers to the one of the few real silver-linings attached to KRACK: the fact that attackers do have to be within more-or-less physical proximity to your devices if they want to take advantage of the vulnerability does alleviate at-least a little bit of KRACK’s inherent scariness.

A somewhat similar vulnerability saw vendors and consumers abandon the WEP authentication standard in droves back in 2007. Fortunately, fixes for the KRACK vulnerabilities can be implemented in a backwards-compatible way. This time, they’re planning to stick it out. For some customers, updated cybersafety is just a patch away.

Of course, the act of distributing those patches is a process that’s fraught on both sides. Not only all vendors are born equal when it comes to the frequency and the longevity of supporting their smart products via security updates, consumers can’t necessarily be relied upon to proactively seek out those updates.

Credit: Sentavio | Dreamstime

We’re not just talking about the technology illiterate here either. Ubuntu ran a survey on user security last year and found that just 31% of consumers that own connected devices performed security updates as soon as they become available while 40% never consciously installed the said updates. Even for the most IT-savvy, taking control of the security on each and every device you own is a big ask - even if it is a necessary one.

Some security researchers have estimated that between 30% and 50% of devices will likely never be properly patched against the KRACK vulnerability. That’s a chillingly high, yet entirely believable, figure. Sure, the IT professionals and networking enterprises of the world are absolutely going to rush to inoculate themselves against KRACK - but what about everyone else? How many cafe-owners who offer free Wi-Fi to customers are going to go and manually patch their router?

KRACK turns the ubiquity of Wi-Fi against the user to terrifying effect. There are simply too many devices out in the wild that use the KRACK-vulnerable WPA2 to keep track of, let alone effectively update.

Which isn’t to say that vendors aren’t trying. As has been reported earlier this week, Microsoft was pretty much the first one on their feet when it came to tackling KRACK. When news of the vulnerability broke, they announced they’d already released a fix as part of October 10th’s “Patch Tuesday”.

Apple were similarly quick, announcing that a hotfix for iOS, macOS, watchOS and tvOS is in the works but won’t be rolled out for a few weeks. Likewise, Google say they’ve got a patch for both Android OS  - which is specifically more vulnerable to the KRACK exploit than other platforms - and their other wirelessly-enabled devices. However, again, they say it won’t be pushed out for another few weeks.

Samsung, Amazon and others are all taking a similar stance and towing more or less the same line to the media and wider public. "We are in the process of reviewing which of our devices may contain this vulnerability and will be issuing patches where needed," they almost-universally said. Minus any inside knowledge into the internal workings of each of these companies, it’s difficult to say whether or not the timelines of these individual responses is adequate. However, it feels fair to say that three weeks sounds like a bitterly long time at the outset.

Read more: How artificial intelligence is becoming a key weapon in the cyber security war

Credit: Dolphfyn | Dreamstime

Especially when some of the vendors responsible for updating the routers - which make up the other half of KRACK’s four handshake-based vulnerability - have been that much faster at inoculating themselves.

Netgear have already rolled out fixes for several of their more popular devices and indicate that they will comb through their catalog in the coming weeks. Cisco and Synology have also acted swiftly to address the exploit.

Linksys and Belkin, meanwhile, have been a little slower. Earlier in the week, they said that “their security teams are verifying details and we will advise accordingly” but still appear to have not yet issued a hotfix against the vulnerability.

Going forward from this week’s “KRACK Attack”, it’s easy to imagine that security features will become more than a box-checking inclusion for consumer products. The Wi-Fi Alliance, the nonprofit agency that certifies products for Wi-Fi security, has announced that it will start testing for the vulnerability.

In the future, it’s possible that more vendors will follow in Microsoft and Netgear’s footsteps,taking a more proactive approach to cybersecurity that reduces the reliance on the user.  Future smart devices might ask users upon setup how much control over software and security updates they want - giving them the option to surrender a degree of control and enable updates to be pushed with greater frequency.

It’s easy to imagine a world where the discovery of KRACK came with more immediate or even-cataclysmic outcome. It’s much harder to imagine a world where the aftermath of the vulnerability won’t loom large for the decades that follow its discovery.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags cyberKRACKSofttware UpdatesKRACK Vulnerability

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Fergus Halliday
Show Comments

Cool Tech

Bang and Olufsen Beosound Stage - Dolby Atmos Soundbar

Learn more >

Toys for Boys

Nakamichi Delta 100 3-Way Hi Fi Speaker System

Learn more >

ASUS ROG, ACRONYM partner for Special Edition Zephyrus G14

Learn more >

Sony WF-1000XM3 Wireless Noise Cancelling Headphones

Learn more >

Family Friendly

Philips Sonicare Diamond Clean 9000 Toothbrush

Learn more >

Mario Kart Live: Home Circuit for Nintendo Switch

Learn more >

Stocking Stuffer

Teac 7 inch Swivel Screen Portable DVD Player

Learn more >

SunnyBunny Snowflakes 20 LED Solar Powered Fairy String

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers


This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang


It really doesn’t get more “gaming laptop” than this.

Jack Jeffries


As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr


The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?