WPA2 is broken. Pending further information to be revealed today and on Nov.1, 2017, this means every unpatched device with WiFi currently seems open to Man-in-the-middle attacks. This includes all models of Fairphones. And also the device you are currently reading this on. Whatever it is, it very surely has WiFi.
Whole industry is on the move to get it fixed. Fairphone patches often within a month or so.
Temporary workaround for the paranoid:
Put WiFi off except at home. Alternatively, don’t use WiFi at all. Use 4G  and wired (USB, Ethernet, etc) instead.
Whilst at home using WiFi you need to encrypt the traffic on one of the network layers.
a) only use encrypted connections such as HTTPS, IMAPS, etc. Use the addon HTTPS Everywhere  for your browser.
b) tunnel everything through a VPN (but not PPTP protocol since unsafe). OpenVPN doesn’t require root while OpenSSH VPN does.
Both 2a and 2b are safe. The exploit requires vicinity access and a MITM (mobile hotspot with same MAC). If you live in a crowdy environment e.g. a flat in a capital city, or e.g. use WiFi in train then I recommend to not use unpatched clients. As time passes by, more scriptkiddies can exploit this. Remember that if you don’t use either 2a or 2b then when you are at a public open hotspot the traffic is also sniffable.
It is a risk for all android devices beginning from Android 6.0 upwards.
Google has to fix it and then the updates have to trickle down via the distributers (FP here) to the vendors (also FP here) to the consumers.
So that can be usually anywhere between a day and 6 months… or never.
I don’t have enough experience with FP (only own mine less than a week), but i think a fix will be available soon or is already deployed.
As a side-note: Also update ALL of your router and WiFi-Devices. They are most likely affected as well.
Only upside to the recent bug: An attacker has to be physically present within the area of your WiFi (up to 100-200m around the AP with proper equipment).
From all the articles I read and even the original paper I’m still confused about the status for Android before 6.0. It’s never mentioned explicitly. And when the talk is about Android 6.0 onwards, it’s usually stated that this version is exceptionally vulnerable (accepts zero keys). As far as I could see there is no statement that Android before 6.0 is not vulnerable.
CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake
CVE-2017-13078: reinstallation of the group key in the Four-way handshake
CVE-2017-13079: reinstallation of the integrity group key in the Four-way handshake
CVE-2017-13080: reinstallation of the group key in the Group Key handshake
CVE-2017-13081: reinstallation of the integrity group key in the Group Key handshake
CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it
CVE-2017-13084: reinstallation of the STK key in the PeerKey handshake
CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake
CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
Android < 6 (ie. <= 5.1.x) isn’t vulnerable to one of these (I don’t know which one ).
I hope I don’t sound stupid, but how do you know that older Android versions aren’t vulnerable?
The list you provided says
The WPA2 protocol is ubiquitous in wireless networking. The vulnerabilities described here are in the standard itself as opposed to individual implementations thereof; as such, any correct implementation is likely affected.
[quote=“Drezil, post:10, topic:34194, full:true”]As a side-note: Also update ALL of your router and WiFi-Devices. They are most likely affected as well.
Only upside to the recent bug: An attacker has to be physically present within the area of your WiFi (up to 100-200m around the AP with proper equipment).[/quote]Nope, APs are not affected. All you need to do is update every WiFi client. Routers or modems (which are routers) are typically APs. The AP part of the handshake isn’t compromised.
The only exception is repeaters (example). Repeaters typically serve as AP and client. They’re a client to the modem/router which is an AP, and they’re an AP to the area they’re being extended to. The former is the issue. (They also cause a lot of noise, but that’s not the point ). I recently started using a repeater because my ISPs modem can only serve in either 2,4 GHz or 5 GHz and I wanted to have the 5 GHz speed for devices which support it. Turns out my partner’s smartphone and our e-readers don’t support 5 GHz. So I plugged in a repeater. However, its plugged in via ethernet and is therefore actually only an AP; not a WiFi client.
The sad truth is, there are a lot of repeaters out there which won’t get fixed…
Same for clients. Luckily I have my e-reader WiFi off most of the time though I expect some updates from Kobo. I think having WiFi off when you don’t need it is a good compromise for the time being, and generally good practice as well. It saves you battery and it gains you privacy because it goes against tracking (although I think Android 7, like iOS, randomises MAC address when not connected?). There are also some programs which enable or disable WiFi based on GPS location. IIRC I used that with Tasker on a rooted phone before, but I don’t remember how well it worked. At the very least you’re not using WiFi for positioning anymore.
Sorry that was me not using the English language very well
So one of these CVEs is very severe and only applies to Android >= 6.0. The other bugs still exist in Android <= 5.1.x
Its just that Android 6.0 >= is hit more severe because it uses WPA Supplicant 2.4+. Its explained on the website krackattacks.com:
Our attack is especially catastrophic against version 2.4 and above of wpa_supplicant, a Wi-Fi client commonly used on Linux. Here, the client will install an all-zero encryption key instead of reinstalling the real key. This vulnerability appears to be caused by a remark in the Wi-Fi standard that suggests to clear the encryption key from memory once it has been installed for the first time. When the client now receives a retransmitted message 3 of the 4-way handshake, it will reinstall the now-cleared encryption key, effectively installing an all-zero key. Because Android uses wpa_supplicant, Android 6.0 and above also contains this vulnerability. This makes it trivial to intercept and manipulate traffic sent by these Linux and Android devices. Note that currently 50% of Android devices are vulnerable to this exceptionally devastating variant of our attack.
TL;DR all Android versions vulnerable. FP1 and FP2 vulnerable.
The developers of wpa_supplicant / hostapd fixed these issues, Google just merges them with their source code and publishes an advisory.
LineageOS patched these vulnerabilities simply by backporting the patches to their repository. There is no need to wait for Google, as far as I see it, Fairphone could simpy merge the changes into their repository and run a new build of the FP1 firmware.