There’s good and bad news when it comes to updates that address the KRACK exploit.
The exact significance of the KRACK vulnerability is still being debated, but some device manufacturers don’t seem to be displaying any urgency in their response.
As we previously reported, “every Wi-Fi device is vulnerable” to the ‘KRACK’ exploit, according to the security researcher who discovered a design flaw in the four-way handshake used by the WPA2 wireless protocol.
And as mentioned in our follow-up article, the only effective fix is a software update that works around the protocol flaw.
The main operating systems already offer patches that address the problem, although it should be noted that the fix in iOS 11.1 only protects the iPhone 7 and later, and the iPad Pro 9.7in (early 2016) and later, so presumably older iPhones and iPads are still vulnerable.
But what about all the other Wi-Fi devices that aren't computers, phones or tablets? Many small businesses use Wi-Fi printers, so we asked the major manufacturers what they are doing about KRACK.
Brother's local operation expects to announce next week which of its printers and multifunction devices are affected by KRACK (our guess is that it will be all of those with Wi-Fi interfaces), but there's no indication at this stage when any required updates will be released.
All Canon would tell us was: “We are investigating the matter.”
Epson's response was: “We are presently determining which Epson products are affected by this issue, and will disclose both these and our countermeasures when confirmed. In the meantime we ask for the ongoing understanding of our customers.”
HP did not respond to our enquiry.
If these companies are still at the investigation stage two months after the broad disclosure, it doesn't sound like we will be getting firmware updates anytime soon.
Now, what about all those other Wi-Fi devices...?