Samsung has released its November 2017 security patch, which is intended to address a Wi-Fi vulnerability known as the KRACK attack. The security flaw was uncovered last month and is actually a vulnerability in the Wi-Fi encryption standard that could allow attackers to eavesdrop on data sent from a device to a wireless access point over a Wi-Fi network. Researchers from DistriNet Research Group, which found the vulnerability, reported that it affected Linux-based systems and, for the most part, devices running Android 6.0 Marshmallow and above.
More specifically, the KRACK Wi-Fi security flaw can be used to modify Wi-Fi traffic or inject malware into the traffic sent from devices running Linux or Android. Attackers can also carry out any malicious activity on a device within range without having to crack the Wi-Fi network password. For instance, attackers could load ransomware into a website in order to lock a device owner out of his or her hard drive and files until a ransom is paid for the decryption key needed to recover important data. The KRACK Wi-Fi vulnerability can compromise confidential information such as emails, passwords, credit card numbers, and photos. The flaw was not found in individual products and implementations, because it affected only the 4-way handshake of the WPA2 encryption protocol, which meant that it compromised a wide variety of devices and computers on different platforms.
In addition to fixing the KRACK Wi-Fi vulnerabilities, the Samsung November 2017 Security Maintenance Release also addresses 61 Common Vulnerabilities and Exposures discovered in Android as well as six security flaws detected in Samsung’s own software. The November 2017 security patch is expected to hit Samsung’s mobile devices over the next few days.
The KRACK incident was not, however, the first time that Samsung’s devices were affected by a major vulnerability in Wi-Fi technology. Last July, during the Black Hat information security conference held in Las Vegas, a security researcher from Exodus Intelligence revealed a major vulnerability in the Wi-Fi chipsets used in a wide variety of mobile devices, including the Samsung Galaxy smartphones. The vulnerability affected the Wi-Fi chips sold by Broadcom and was dubbed Broadpwn, which exploited several flaws in those chipsets.