Yesterday, security researchers published a paper on ‘KRACK,’ a security vulnerability in the WPA2 Wi-Fi protocol. I won’t re-explain how it works here (click the above link if you want to learn more), but almost every modern operating system and device that can connect to Wi-Fi is affected. This includes Android, and if you’re running Marshmallow or later, you’re especially vulnerable.
Google said that the fix for KRACK would arrive as part of next month’s security updates. But if you’re not using a Nexus or Pixel device, it could be weeks (or months) until it reaches you – if ever. But if you’re already using LineageOS, you can rest easy knowing that the custom ROM has already been patched.
A number of commits were made to the project’s Gerrit repository yesterday, which include changes to Lineage’s wpa_supplicant component. If you’re not familiar with it, that’s the Wi-Fi client used on Android and many Linux distributions. The official Twitter account said that all builds made after 10/16 at 9:26 PM PST (12:26 AM on 10/17 for EST) contain the fixes.
If your device has daily builds available, all of today’s compiled zips should have the patch included. If your device only has weekly builds (like mine), you’ll have to wait a few days. Props to the Lineage team, and especially developer Dan Pasanen, for patching the vulnerability so quickly.