So what’s the good news, exactly? First, patches for this issue are already rolling out. Companies know how serious this protocol breach is and are doing what they can as fast as they can. According to a statement by the WiFi Alliance “This issue can be resolved through straightforward software updates, and the Wi-Fi industry, including major platform providers, has already started deploying patches to Wi-Fi users.”


Second, the handshake your computer and a given website go through with WPA2 is just one countermeasure against ne’er-do-wells. So far it seems secure sites—distinguished by having HTTPS before the URL—are, well, still secure.

And, again, it appears that gaining access to a given wi-fi network still requires physical proximity to the router, so KRACK targets can’t be hit from anywhere in the world, unlike hacks that have no proximity requirements.


For the next couple days, avoid public wi-fi, try to stick with HTTPS sites, and remember to install all patches on your devices as they’re made available.

We’ve reached out to Vanhoef for additional comments and will update if we hear back. In the meantime, his full paper on KRACK is available to read online.