Your Windows 10 Mobile phone is secure against KRACK


In case you're wondering, your Windows 10 Mobile phone is secure against KRACK, the latest security scare for smartphones across the world. KRACK leverages issues in the WPA2 Wi-Fi encryption system to allow nearby attackers to perform a man-in-the-middle attack against your 'secure' connections and steal login credentials and worse. Microsoft patched all branches of Windows 10 (including Mobile) in the recent monthly 'Patch Tuesday' updates (latest here).

From Microsoft:

A spoofing vulnerability exists in the Windows implementation of wireless networking. An attacker who successfully exploited this vulnerability could potentially replay broadcast and/or multicast traffic to hosts on a WPA or WPA 2-protected wireless network.

Multiple conditions would need to be met in order for an attacker to exploit the vulnerability – the attacker would need to be within the physical proximity of the targeted user, and the user's computer would need to have wireless networking enabled. The attacker would then need to execute a man-in-the-middle (MitM) attack to intercept traffic between the target computer and wireless access point.

The security update addresses the vulnerability by changing how Windows verifies wireless group key handshakes.

So nothing to see then. Much as with BlueBorne, your use of Windows 10 Mobile and its regular updates has you fully protected.

The big takeaway here, yet again, is that Android phones and tablets are by far the most vulnerable to the attack, mainly because the vast majority of Android devices aren't kept remotely up to date, leaving a rich pool of vulnerable users across the world.

Strike another for Windows 10 Mobile security?

I do use Android as part of my daily device set-up, but the world of this OS is just so diverse and fragmented. I manage by using a phone flashed with Lineage OS, an Android variant that's truly open source and updated weekly. But you have to fear for the average 'normob' with a budget Android phone checking their bank account on a Wi-Fi hotspot at a café...

Source / Credit: Microsoft