KRACK patch for Pixel and Nexus devices due in December
The November 6 level Android security patch, which contains a fix to the Wi-Fi WPA2 vulnerability known as KRACK, will come next month to applicable Pixel and Nexus devices, Ars Technica reports.
There was a bout of confusion when three November patch levels were released and made available to all OEMs on November 6. The first two, November 1 and November 5, have been pushed to the Nexus 5X, 6P and Player as well as the Pixel, Pixel XL, Pixel 2, Pixel 2 XL and Pixel C. The November 6 patch was not pushed.
The researcher who publicized KRACK reported that devices with Android 6.0 or later were most vulnerable as traffic between the device and the router could be intercepted and an all-zero encryption key could be inserted so that the content of data packets can be unlocked.
Ars‘s Ron Amadeo makes the point that a lot of applications already encrypt their data one way or another and that Android does not rely on WPA2 as its main form of security. The OS has plenty of safeguards to minimize risk on lesser-secured networks. However, if you do happen to be interacting online with a non-HTTPS website, you should still be mindful of your activity.