WiFi is now cracked / hacked / broken - What can be done to protect ourselves?
Unless we've all been hiding under a rock this morning, word has spread quite quickly about KRACK, a new vulnerability with WiFi WPA2, where the attack vector can zero out the encryption due to multiple requests of the key exchange. If your CEO or a friend on the street approaches you as a cyber security expert, what would you say?
From my POV - use a VPN when on WiFi to protect yourself to start. Even with trusted WiFi connections, there is the opportunity for someone to exploit your WiFi on your system to see the traffic. Add another layer of encryption with a VPN - corporate or personal.
Basically, only Android and Linux are affected, as all the other OS builders don't conform to the standard. Most enterprise-class WiFi manufacturers already have a fix out. If they don't, maybe that's a pretty good indicator to shop for a new vendor. Otherwise, end-to-end encryption is probably the safest bet for now.
Honestly, I never trust WPA2 security, mostly because people never bother to set decent passwords, so I encrypt all my traffic with a VPN.
--- You only say it's impossible because nobody's done it and lived.
I don't think it's Android and Linux alone; Windows received a fix as part of last week's Patch Tuesday. I was also reading today that Apple devices not on the last beta are also affected, as this has only been patched sometime between the vendor notice date (CERT/CC's broad note 28th Aug 2017).
I totally agree, however, on the need to keep a check on vendors' timeliness in providing patches. Apple's resolution, for instance, is only presently fixed in beta, so unless they push out 11.1 or 11.0.4 you are likely vulnerable.
This also raises the question of "how far back will they fix this?". Both Android and iOS alike have the legacy support issue. Then of course we have IoT devices....