Google’s December Security Patch Prevents Attackers From Exploiting KRACK Vulnerability

Google is doing its best to spare users of Nexus and Pixel devices from the dreaded KRACK — short for Key Reinstallation Attacks — vulnerability, so it is now rolling out a new security patch for the month of December. This update is said to address several issues uncovered in the recent months. More importantly, it prevents attackers from exploiting the KRACK vulnerability.

On Monday, Google updated its Android Security Bulletin to reflect which vulnerabilities are being addressed by its latest security patch for Nexus and Pixel devices. Google identified and grouped the vulnerabilities it discovered in the past couple of months using a severity assessment that is based on the effect that an exploited vulnerability would have on affected devices.

What’s good about Google’s December security patch is it addresses the KRACK vulnerability that is notorious for allowing attackers to access data from affected devices. This recently discovered security vulnerability apparently affects majority of Android OS-powered devices that feature Wi-Fi support.

When an attacker is within range of an affected Android device, the attacker can use the KRACK vulnerability to retrieve pertinent information that users assume to be safely encrypted. Sensitive data that can be retrieved using the KRACK exploit include credit card numbers, chat messages, emails, passwords, photos, as per Phone Arena.

Since the discovery of the KRACK vulnerability, many smartphone makers have released security patches to protect users from attackers. Google is doing this now through its December security patch. The Mountain View giant is encouraging its consumers to update their devices for a more secure user experience.

“Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible,” Google noted.

Google also assured Android device users that it has a team that keeps track of questionable activities. “The Android security team actively monitors for abuse through Google Play Protect and warns users about Potentially Harmful Applications. Google Play Protect is enabled by default on devices with Google Mobile Services, and is especially important for users who install apps from outside of Google Play.”

Apart from the KRACK vulnerability, the new security patch, which is rolling out this Tuesday, also has a slew of fixes for issues found in Qualcomm, Nvidia and MediaTek products. It isn’t clear though if the December update has fixes for certain Pixel 2 and Pixel 2 XL issues that were previously reported, such as the problem with audio playback, random reboots and the buzzing noise that’s coming from inside the Pixel 2, as pointed out by Android Authority.

Google said in October that it was working on a patch to address the KRACK vulnerability. Unfortunately, the fix did not arrive with the November security patch. What’s worse is consumers complained that the November security patch caused their devices to suffer from a battery-draining problem. According to complaints posted to Reddit, users saw a quick drop in the battery life of their devices when they are connected to Wi-Fi. Google is already aware of the issue, but it has not issued a fix for it just yet.