But.. From the Beeb’s version, it’s unclear why Android and Linux are in the spotlight. It’s a defect in the standards, so would affect all implementations.
Apparently there's an additional bug in Android/Linux's wpa_supplicant software, over and beyond the standards issue.
It's a really nasty one. The KRACK attack method when applied to that software can actually reset the encryption key to all-zeros, immediately making all communications clear.
The author has a Q&A here:
https://www.krackattacks.com/#faq
Apparently the fix can be made in a backwards-compatible way, so broken devices can interoperate with 'fixed' devices.
iOS and Win10 are vulnerable to only the most difficult attack and apparently a beta of iOS that's already in use by public testers provides a complete fix.
There's a table of devices/OSs which the researchers tested against in this article:
https://arstechnica.co.uk/information-technology/2017/10/how-the-krack-attack-destroys-nearly-all-wi-fi-security/
Personally, all my devices which leave the house with me are reasonably safe and will be completely safe (from this attack, anyway) after the next update.
There are devices at home that concern me though. Smart TVs, games consoles, Harmony Hubs, Nest Thermostats, Raspberry Pis -- all that stuff. It appears that even if a router is fixed, the client can still be exploited to gain access to the WLAN. That's the scary bit.
As for this being mitigated by encryption being used at a higher layer (e.g. https), that's true to an extent. But there needs to be a new focus on ensuring every LAN service is also encrypted. For example, are you sure the SMB/CIFS implementation on your USB Flash-Drive equipped WiFi network printer doesn't suffer from any of the multitude of SMB/CIFS bugs? How about the DLNA protocol service on your TV, AV Receiver, Sky box? Or every Chromecast-capable receiver? And speaking of printers, do you type in a password every time you print to your wireless printer?
Of course, the chances of you personally needing to worry about this depend on your circumstances. But I expect a lot of porn to suddenly start spewing from printers in apartment buildings, flats and uni dorms.