
41 percent of Android phones are vulnerable to 'devastating' Wi-Fi attack - matthberg
https://www.theverge.com/2017/10/16/16481252/wi-fi-hack-attack-android-wpa-2-details
======
reaperducer
Wow, that's devastating. My phone could be devastated. It's devastational how
devastating this devastation is.

------
ericfrederich
Sensationalist title. This affects every implementation of WPA2. It's just hat
Android was "exceptionally devestating" in that you could use an all-zero key.
This just makes it easier.

~~~
remir
The fact that a lot of OEMs don't push monthly security patches doesn't help.

------
Nexxxeh
Is there better reporting somewhere than The Verge? What's the best write-up
people have seen?

------
dingo_bat
What a bad title! It could also have been "100% iphones are vulnerable".

~~~
remir
The difference here, IMO, is that iPhones and Windows/Linux/Mac PCs will
receive a patch in a couple of weeks, but how many perfectly working Android
phones are now abandoned by their manufacturer? How many Android phones beside
Google Pixel/Nexus receive monthly security patches?

~~~
endorphone
Hundreds of millions of perfectly working Apple devices no longer receive
patches.

~~~
remir
You're right. This is bad.

------
Zigurd
Google hasn't been perfect, but they have had, and continue to improve, ways
of addressing the update problem. If you are a first tier OEM you have the
clout to make your chip vendors update their BSPs and support them for a
decent length of time, and you have the resources to update your customers'
phones. If you are a lower tier OEM, you should have gone with Android One,
and shipped a more up-to-date Android in the first place and dumped the update
problem on Google.

