Posted on

The Windows 10 Fall Creators Update Is Here

The Windows 10 Fall Creators Update is here. Microsoft’s latest major upgrade to its desktop OS brings with it plenty of changes, from new visual styles to the dawn of Windows Mixed Reality, and you can now install the update to see how things have improved from the Creators Update.

Much of the focus on the Fall Creators Update, at least among enthusiasts, will be on Windows Mixed Reality. This is Microsoft’s attempt to prove that mixed reality headsets will soon be one of the primary ways we interact with our devices instead of luxury items used mostly for entertainment. Dell, Samsung, and several other companies have prepared headsets for launch alongside the Fall Creators Update.

But that doesn’t mean the only thing worth paying attention to in the Fall Creators Update is Windows Mixed Reality. The release also sees the debut of Fluent Design, improves central utilities like Action Center and Task Manager, and introduces new features that expand upon Windows 10’s capabilities. Yet some of the update’s standout features—Story Remix and new Windows Timeline prime among them—are missing.

Windows Mixed Reality

In case you’ve missed our flurry of coverage over the last year, Windows Mixed Reality is the new name for Windows Holographic. Microsoft believes wearing a mixed reality headset will soon become just as common as using a desktop or laptop PC, and it wants its OS to be ready for that shift. Now it’s finally here, and that means you’ll be able to see for yourself how it compares to platforms like Oculus and HTC Vive.

First, you’ll have to make sure your PC meets the minimum requirements for Windows Mixed Reality. The base platform isn’t all that taxing—you can get away with a modern CPU with integrated graphics—but Windows Mixed Reality Ultra requires more powerful processors and dedicated graphics. (Windows Mixed Reality Ultra offers improved performance, support for more software, and other benefits over the base platform.)

You can learn how to check if your PC supports Windows Mixed Reality here. Once you’ve done that, just head to the Mixed Reality Portal from the Start menu, agree to Microsoft’s terms, and then follow the setup process, which should be quite simple.

Fluent Design, New Features, And What’s Missing

The Windows 10 Fall Creators Update also features some obvious changes to Windows 10’s design. Microsoft has implemented a new Fluent Design system that emphasizes textures, lighting, and motion to make it easier for people to use Windows apps and services. Fluent Design also appears to have been influenced by HoloLens, and it seems poised to prepare Windows for use across both traditional PCs and mixed reality headsets.

The Fall Creators Update is more than just a new coat of paint, however. Microsoft also introduced some new features, such as a GPU monitor in Task Manager, ransomware protections via the Windows Defender Exploit Guard, and expanded PDF support in the Edge browser. These won’t lead to monumental shifts in how you use Windows; they’re simply quality-of-life improvements meant to refine Windows 10’s base experience.

Similar changes were made to gaming on Windows 10. Microsoft will now let you toggle the performance-enhancing Game Mode right from the Game bar (where you can buy a Game cocktail and watch a Game game on the Game TV) instead of having to rifle through the Settings app. You can also check on network quality issues via an Xbox Networking section in Settings, and you should notice improved Mixer broadcasting.

All of these changes, as well as the many improvements Microsoft made to Windows 10’s accessibility, are welcome. But it seems like the Fall Creators Update lacks any single marquee feature that will compel everyone to upgrade. Windows Mixed Reality is the main attraction, but how many people will actually be purchasing one?

It wasn’t supposed to be this way. Microsoft showed off new apps at Build that would’ve made the Fall Creators Update seem like a much bigger deal. Perhaps the coolest was Story Remix, an app that lets you combine photos, videos, music, and 3D objects into one AI-generated video. Story Remix was stunning, but it’s nowhere to be found in the Fall Creators Update. Many of its features were instead added to the existing Photos app, with the notable exception of the support for 3D objects, which is said to be coming at a later date.

The new Windows Timeline, which promised to make it easy to access backups of your files or pick up where you left off in an app, is also missing. Its omission comes as less of a surprise because Joe Belfiore, corporate vice president of Windows, said in July that it wouldn’t debut alongside the Fall Creators Update. Instead, Microsoft told us that features announced at Build would merely start to roll out with this release.

You can find a full list of the changes coming in the Fall Creators Update in Microsoft’s blog post about its release.

How You Can Get It

If you’re itching to give Windows Mixed Reality a whirl, or if you simply like to use the latest version of Windows as soon as it’s available, you can download it starting at 10am PT today. There are two ways to update—Microsoft’s preferred way, and the impatient way. Both are easy to do.

Microsoft would prefer for you to wait for the Fall Creators Update to roll out to your device. The company is staggering the release of new Windows updates to select hardware to ensure the best experience on as many systems as possible. If you have a newer system, you’ll be prompted to install the Fall Creators Update before those with older systems. You can also go to the Windows Update section in the Settings app to see if you’re part of the first group to receive the update. If you are, it will start to download immediately.

But waiting is for squares. That’s why Microsoft will also let you manually install the Fall Creators Update by heading to its Software Download Site (its capitalization) and clicking “Update now.” Once you do that, the Update Assistant will help you get things rolling. Easy-peezy.

Posted on

FTC Asked To Investigate Hackable Kids’ Smartwatches

The Norwegian Consumer Council and Mnemonic, a security company, revealed that several brands of smartwatches made for children are easily hackable. In response to these findings, U.S. privacy groups have asked the Federal Trade Commission (FTC) to investigate the products’ makers.

These watches are equipped with GPS capabilities that are supposed to let parents keep track of their children’s locations. The Norwegian Consumer Council and Mnemonic tested the security of four of these watches; three had serious flaws. Mnemonic said in its announcement that the vulnerabilities are “not technically difficult to exploit, and in two cases, allow a third party to covertly take control over the watch.”

“It’s very serious when products that claim to make children safer instead put them at risk because of poor security and features that do not work properly,” says Finn Myrstad, Director of Digital Policy at the Norwegian Consumer Council. “Importers and retailers must know what they stock and sell. These watches have no place on a shop’s shelf, let alone on a child’s wrist.”

Yet at this point, the fact that these watches are easily compromised shouldn’t come as a shock to anyone. Here’s the common sequence of events: An internet-connected product is released, purchased by a bunch of people, and then hacked. It’s gotten to the point where the FBI warned parents not to buy internet-connected toys without vetting them first, and Mattel preemptively canceled a kid-focused IoT device called “Aristotle.”

There were more concerns about some of the devices. In addition to putting children’s data at risk of being hacked, several of the companies’ terms and conditions violate the Norwegian Marketing Control Act and the Personal Data Act by not allowing accounts to be deleted, or they were simply lacking terms and conditions. That means the data collected by these watches is just waiting to be abused to suit the companies’ own purposes.

That’s why the Electronic Privacy Information Center (EPIC), The Center for Digital Democracy, and other U.S. privacy groups asked the FTC to investigate the Norwegian Consumer Council and Mnemonic’s findings. In a letter, the groups said “this is a real risk to children’s safety” and urged the regulator to be more proactive in protecting kids from companies like this.

 

Posted on

Google’s rolls out new, crazy-secure, email

SAN FRANCISCO — Google on Tuesday rolled out a nasty-complicated but insanely secure version of its Google accounts aimed at “those who need it most,” such as journalists, politicians and activists. It’s not pretty but stands a good chance of keeping the bad guys out.

Called the Advanced Protection Program, it requires users to jump through a series of hoops most Internet companies have worked for years to make go away — dongles, extra passwords, locked-down systems that can’t talk to anything else and a non-intuitive sign-up procedure.

This is so not plug-and-play.

What it is, however, is safe. Not “I work for the National Security Agency and print out the nuclear codes every time they change” safe, but more “I’m working on a Senate campaign and we really don’t want the Russians, or anyone else, to get into our email system” safe.

Signing up requires a Google account and then linking not one but two dongles, or small devices that connects to a computer’s USB port or via Bluetooth. Each produces a highly secure code key that uses the standards of the international FIDO Alliance (for Fast IDentity Online.)

These plastic keys are about the size of a regular door key but instead hold codes Google uses to verify that you’re you and that you should have access to the account. The key can go into the USB drive on a computer or via Bluetooth to a mobile device such as a phone.

While the secure accounts are free, the hardware to make them secure costs money. A USB security key runs about $25 while the Bluetooth-enabled keys are about $18.

Once you’ve tied these keys to your Google account, you’ve got to have one of them present in order to access your mail and files.

Otherwise — take note — it’s Do Not Pass Go, Do Not Collect Your Email.

“What I think has changed is that people recognize they may never be able to ‘learn’ how to act optimally in a defensive sense, so this program literally eliminates many sources of humans messing up,” said Joseph Lorenzo Hall, chief technologist with the Washington D.C.-based non-profit the Center for Democracy & Technology.

That means using a locked-down Gmail account which may not have all the functionality a more open one could have, though Google does say it’s exploring adding access to some trusted partners as time goes by.

And about that dongle? You really, really don’t want to lose it, or forget your password. Google hasn’t even said what the recovery process will look like, but it is expected take three to five days.

This isn’t an email system for everybody, Hall said. Those who are considering it should think carefully about the threats they face before they sign on. For most regular email users it will be overkill.
But if someone’s possibly being targeted by a nation state attacker or very determined attackers or organized criminals, the answer is a clear yes, he said.

“Sexual assault and domestic violence victims, billionaires, finance employees, judges and law enforcement officers — they certainly face these threats and should use it,” he said.

The system also doesn’t allow users the freedom that non-secure Google accounts have. Once signed up, their Google account is only able to gather data from a few secure apps so that miscreants can’t get to their inbox or Google drive via them.

In a way, this is an admission of defeat but also of reality. The Holy Grail of online security has long been a system with serious security that was as easy to use as any other program.

With the launch of Advanced Protection, Google is acknowledging that while no one has come up with something that’s both easy to use and secure, there are enough people out there who really need protection that even a somewhat gnarly program is going to find users.

Posted on

Five signs your laptop is in trouble — and how to fix them

Catch laptop trouble as early as you can.

When something goes seriously wrong with your laptop, you usually receive an advance warning. A virus might alter your security settings, for example, or a failing hard drive might start making funny noises. If you catch these signals early, you can quickly diagnose and fix your computer.

Many of our recommended solutions involve a thorough malware scan. If you haven’t already installed antivirus and antimalware programs on your system, do that now. You cannot rely on the build-in Windows or macOS programs, and should talk to an IT professional about another security suite. Just make sure to put in the research: Check out an online buying guide for Windows or macOS, read up on user and professional reviews, and find the right set of tools for your needs. Don’t let price deter you—solid computer security is worth the money.

In addition to your primary suite, consider getting a second opinion. You can employ a less-intensive scanner, one that requires you to install fewer files, alongside your main one. Instead of running regular checks, the secondary program would work on an on-demand basis: You only need to fire it up when you need it. We like ESET Internet Security and Malwarebytes for Windows and Malwarebytes and ESET CyberSecurity Pro for macOS.

With so many computer systems out there, problems may manifest differently on each type of machine. But by the time you’ve finished reading this guide, you should have a much better sense of what various issues look like. And the earlier you spot them, the earlier you can fix them

1. Sluggish and unresponsive performance

If your laptop begins slowing down, this doesn’t necessarily mean it’s caught a virus. However, sluggish performance can be a tell-tale sign that a hacker has hijacked your machine for secret activities such as sending spam or mining for cryptocurrencies.

Start with a thorough malware scan. Then check the programs that may be running in the background. On Windows, open the Task Manager (to find it, search for the program’s name via the taskbar), and on macOS, the Activity Monitor (search for it in Spotlight). You’ll see a list of currently-active programs, including some familiar names and some strange ones. Don’t expect to recognize everything here—active processes you haven’t seen before aren’t necessarily bad. Just try searching for those processes online to learn more about them.

If a malware scan comes up blank, and you can’t find anything suspicious in the list of running applications, the culprit may be a non-malicious buggy program. Try shutting down your open windows one by one and then restarting those programs. Or, if you notice that one of the active programs in the list is using up a lot of memory, you can try uninstalling it.

The slow performance may simply be a symptom of your laptop’s age. But all is not lost: We have tips for speeding up old computers, whether they’re Windows or macOS.

2. Persistent error messages

All computers get the occasional error message. It’s when you start seeing these alerts regularly, over and over again, that you should start to worry.

Because the culprit could be anything from failing hardware to a virus to a corrupted program installation, you’ll need to put in some detective work to discover the root cause of the messages. Start with the text of the error message and any codes it includes. Then go online and type that information into your favorite search engine. You should find some pointers on what’s going wrong and how you might be able to fix it

If your results indicate that errors are related to one specific program, then you have a relatively easy fix: Uninstalling and reinstalling that application is one of the most effective ways to make everything run smoothly again

You can’t diagnose every issue this easily. When you’re receiving shorter error messages, the text may turn up fewer search results, which can make them harder to troubleshoot. For more information, look at the message’s timing. When viruses and malware are causing issues, for example, they often trigger errors that appear when your computer is booting up or shutting down, or when you’re trying to configure your security programs. Alternatively, if you tend to see messages while you’re attaching a Bluetooth keyboard or another peripheral device, that gadget’s outdated software may be to blame. Check online to see if you can find updates for the device

If your online sleuthing can’t uncover the culprit, try running through the most comprehensive virus scan you can. As a last resort, back up all of your applications and files and then reinstall Windows or macOS. This should fix most error messages—unless they’re related to failing hardware. In that case, you may have no choice but to buy a new machine.

3. Unrequested changes to settings

If your applications start behaving strangely or reconfigure their settings without your permission, your machine has probably caught a virus. After gaining access to your system, malware will often alter your settings for its own purposes, such as preventing you from removing it.

Often, you’ll first notice these changes in your browser. The infection might disable certain features, change your homepage, or reset your default search engine. Sometimes, new extensions that want to push their own services, rather than viruses, will alter your browser settings. You can check by uninstalling any recent extensions.

Also watch out for other suspicious changes: New icons, which you didn’t ask for, may appear on your desktop, or an invisible hand might reconfigure your security programs. Viruses can trigger a wide variety of different changes, so keep an eye on your applications and don’t ignore major modifications to your software setup

As we’ve mentioned before, this activity might be innocent—programs reconfigure your system all the time in order to work properly. Just be wary of changes that seem to happen without warning or that involve your browser or security applications.

To fight a potential infection, first roll back the changes—for example, set your browser’s homepage back to its original location. Then run a full virus and malware scan on your system. If you find out that a legitimate program or browser add-on is the one that keeps making changes, you can uninstall it.

4. Random web pop-ups

Everyone has to deal with pop-ups while browsing online. But if you’re seeing more than normal—and they’re pushing suspicious content rather than prodding you to sign up for a newsletter—then you might have a problem. What sort of pop-up content should set off alarm bells? Look out for messages that claim you’ve won a competition or a reward, flash a malware alert, or nag you to play games, especially if they also make it difficult for you to return to the original page. These can signal that a browser extension is behaving badly or that some kind of malware has taken root on your machine.

To fight the intrusions, first find a list of browser extensions you’ve installed. In Chrome, for example, they sit under the More tools entry on the main app menu (open it by clicking the three vertical dots on the top right). In Firefox, they’re behind the Add-ons entry in the main app menu (launched via the three horizontal lines on the top right). In Safari, access them through Preferences on the Safari menu. Finally, in Microsoft Edge, open the main app menu (the three dots on the top right) and choose Extensions.

Next, uninstall as many of these add-ons as you can, stripping your browser down to the bare minimum to see if this fixes the problem. If that doesn’t tame the pop-up epidemic, try uninstalling and reinstalling the browser. In addition, as always, run a thorough virus and malware scan to see if something outside your browser is causing issues.

5. Strange noises

As a computer’s internal components begin to wear out, it can grow too old to function properly. Refusal to switch on is a sure sign of hardware issues. But you should also keep an ear out for strange and repeated noises coming from the depths of your laptop, because these can indicate that hardware failure is imminent.

When you hear these sounds, immediately save your data to an external machine or a cloud service. (This task will be easier if you’re already backing up your files on a regular basis, a habit that everyone should cultivate.) Even if the noises prove to be inconsequential, it never hurts to back up your data. And in a worst-case scenario, an archive of this information will preserve your digital memories and ease the process of switching to a new computer.

Once you know your files are safe, you can start figuring out just what the problem might be. Consider your laptop’s age: The older it is, the more likely hardware failure is to blame. Have you ever dropped your machine or spilled a hot drink on it? Accidents like these can speed up a computer’s aging process. If your machine is relatively new, a foreign object could be gunking up the works. Try cleaning out your laptop’s sockets and ports with a small can of compressed air to make sure it’s not carrying some small, easily dislodgeable item.

If the weird noises persist, run a systems diagnostics program to figure out whether your laptop really is on its last legs. For example, software like CrystalDiskInfo for Windows (free) and DriveDx for macOS ($20 with a free trial) can report on the health of your hard drive. And if an internal component is on its last legs, it may cause other symptoms such as overheating, random crashes, and particularly slow performance.

Unfortunately, if a part of your laptop is failing, you can’t do too much about it at home. So go to the experts: Visit your local computer repair shop to see if they can replace the component. Or, depending on your computer’s age, you may want to invest in a new laptop instead of trying to resuscitate an old machine.

Posted on

Apple iOS 11.0.3 Starts Causing Problems

Here we are again. Following Apple iOS 11’s troubled launch and the rushed releases of iOS 11.0.1 (which made things worse) and iOS 11.0.2 (which did the same), iOS 11.0.3 has become the fourth iOS 11 upgrade (and third dedicated bug fix) in just three weeks. And predictably rushing out upgrades means iOS 11.0.3 has also started to cause problems…

I warned about this last week in my iOS 11.0.3 Upgrade Guide given the flurry of user complaints across reddit and social media, leading me to conclude you should hold off. One week later and having had the time to properly evaluate this, that was the right call.

The pattern is familiar. Once again the dominant themes for iOS 11.0.3 upgrades is poor performance and heavily degraded battery life. The latter in particular has seen users flood the official @applesupport Twitter account with complaints and examples of iPhone batteries only lasting a few hours. This aside there are also plenty of reports of problems with overall stability, Touch ID and Bluetooth.

Here are some examples:

“@AppleSupport Battery draining faster than before after iOS 11.0.3 Update” – source
“Same here ! @AppleSupport what’s up. iPhone 7 iOS 11.0.3 made it worse, it’s draining as I type! #iphone7 #BatteryDrain #Apple” – source

“@Apple u better fix the battery program in the ios11 update. I have to recharge my battery 3 times in a day. And i’m sick of it..” – source

“@AppleSupport iOS 11 = total disaster. Updated to 11.0.3 hoping all bugs are fixed. Instead i now have a frozen 6s that can’t be turned off” – source

“@AppleSupport i have updated to iOS 11.0.3, the phone is dead slow, even the twitter app takes more than 5-10 second to open, using iPhone6” – source

“Since I’ve updated my @Apple 6S Plus to the new IOS 11.0.3 its been super slow and unresponsive :/ @AppleSupport” – source

“@AppleSupport @Apple why does both my iPad pro and iPhone 7 Plus have Bluetooth interference problems with my speaker!?!? IOS 11.0.3” – source

“@AppleSupport my iPhone 6plus been freezing & turning off since 11.0.3 update what’s happening? This update was supposed to fix the problem” – source

““#Annoying the #iOS update 11.0.3 is draining the battery life faster than ever. It’snt #cool @Apple @AppleSupport was good on iOS10 #fixit” – source

“@AppleSupport my iPhone 6s Plus just updated to IOS 11.0.3 and now my home button won’t work unless I click on it twice” – source

“@AppleSupport ever since I updated my iPhone 6, my calendar app has not worked properly and my alarm has been glitching out” – source

“@AppleSupport Hi, my 6 is really buggy on 11.0.3. No time on home screen sometimes & screen locks landscape. Any updates in the pipeline?” – source

“My battery life sucks ever since the upgrade. Before the upgrade, I charged my iPad twice, sometimes 3 times a week. Now it needs to be charged everyday. Also, half the time I put it on the charger, it doesn’t charge. I rue the day I upgraded to iOS 11.” – source

“They still haven’t fixed whatever the f*** is draining my SE’s battery so badly. I’ve only been up and about for a couple of hours, barely used my phone and I’m already below 50%.” – source

“Lost the clock and date on the home screen completely. Phone started turning off by itself on 80% battery. I have a 2 months old iPhone 7. This is really a s**** 0.3 update. Apple quality in terms of hardware and mobile software is considerably going down in the past year or two. I’m missing the Steve Jobs era.” – source

“Apple software 11.0.3 update has just ruined my iPhone thanks a lot Apple @AppleSupport @Apple” – source

“Random lag/stuttering. Momentary app freezing. Battery life significantly worse. Control center/lock screen audio controls not working (also affects using bluetooth in my car). Touch ID not working sometimes. Map scrolling in pretty much any Nav app including native is laggy and not smooth anymore. Apps that use UITableViews don’t scroll smooth anymore. Apple Watch not connecting to the phone anymore unless I reboot. Other than that it’s been great on my iPhone 7.” – source

You get the picture.

And yet the irony is Apple has also continued one positive pattern with its flurry of iOS 11 updates: the fixes it calls out by name in each release do seem to be working. In the case of iOS 11.0.3 these were niche (haptic feedback on iPhone 7/iPhone 7 Plus and unresponsive iPhone 6S displays when repaired with non-genuine Apple parts) but it’s still good news.

Consequently, as I said in my iOS 11.0.3 Upgrade Guide, if you suffer from one of these two specific faults then it is worth upgrading.

Unfortunately for everyone else the big picture is a lot less rosy. Last month SaaS service provider Wandera ran data analysis across 50,000 iPhones and found those who had upgraded to iOS 11 saw battery life declines averaging 60%. No iOS 11 update since has even cited battery life problems. Apple needs to tackle the big problems as a priority.

Until last week the simple solution to many of these problems was to downgrade your iPhone, iPad or iPod Touch to iOS 10.3.3. Unfortunately Apple has now stopped ‘signing’ iOS 10.3.3 which means there is no route back to iOS 10. If you haven’t already done it, you can’t do it now.

None of which is to say it is impossible to upgrade to iOS 11.0.3 and find your device works well. In particular there are very few reports of the new iPhone 8 and iPhone 8 Plus suffering any problems in iOS 11. Yes, cynics will say that’s predictable.

Despite this, right now it is impossible to recommend anyone upgrade to iOS 11.0.3 unless they have one of its two specific fixes. There are far too many problems being reported and Apple’s own security page confirms iOS 11.0.3 doesn’t contain a single security update – so you aren’t missing out there either.

So what should you do?

At this rate it is possible we will see an iOS 11.0.4 in a few days time (making it five iOS 11 releases in a month), but I suspect it is more likely we’ll now have to wait until iOS 11.1. This is currently in beta testing (it has reached #3) and is expected to launch near to the iPhone X in late October/early November. This will be a significant release which should add new features (including one pulled from iOS 11), bug fixes (maybe, just maybe for battery life) and security updates (including a fix for the KRACK WiFi hack).

There’s also another upside to waiting for iOS 11.1: Apple stops rushing out releases, conducts comprehensive developer and consumer beta testing (there were no betas for iOS 11.0.1, 11.0.2 or 11.0.3) and finally fixes more than it breaks.

In Apple speak: the next iOS update needs to “Just Work”…

Posted on

Wi-Fi has a serious vulnerability. Here’s how to stay safe

Wi-Fi is the invisible connective tissue of the internet. But on Monday, we all learned of a vulnerability in the method that wireless networks use to secure the information that travels from your router to your device, and it lies in a protocol called WPA2. Mathy Vanhoef, a 28-year-old postdoctoral researcher at KU Leuven, a university in Belgium, discovered the issue, called KRACKs, months ago.

Here’s what you need to know about the problem, and what to do about it.

It starts with a handshake

When a machine like a laptop or smartphone connects to a Wi-Fi network, the two gadgets carry out a multi-step handshake. That process involves confirming that your phone, for example, has the right password to connect to the network. The handshake system also produces encryption keys that keep the data secure, so no one can snoop on you. It’s here where the vulnerability lies—the exploit causes one of those keys to be reused, which is a security no-no.

“We found a weakness in the design of this WPA2 protocol [in which] we can force a victim into reusing a key,” Vanhoef, the researcher who discovered the issue, says. “In turn we can use that to reveal sensitive information that the victim is sending, such as passwords, or usernames, and so on.”

Good news: For this exploit to actually happen, the hacker taking advantage of it must be in range of the Wi-Fi network, so it’s not the kind of attack that can be carried out from the other side of the world. Bad news: if done successfully, the attacker could intercept and see the data that flows from your device to the internet

“When I initially discovered it, it was really surprising to find this,” Vanhoef says. “Because this WPA2 protocol has been around for 14 years.”

For those looking for a more thorough explanation of the problem, Leuven has published a research paper on the topic and also lays it all out in a website about it.

Who’s affected?

The problem lies in the WPA2 wireless protocol—so it’s not something that a specific device-maker created. According to Vanhoef, common operating systems like iOS, Android, Linux, and Windows are all susceptible, but to different degrees. The most vulnerable devices run the Android and Linux operating systems, Leuven says.

Your home Wi-Fi network is less likely to be vulnerable than a big one, like a public Wi-Fi system at an airport or an office

Leuven says it is unclear if anyone has actually used the exploit yet. “We’re not in a position to determine if people are abusing this or not,” he says. But he remains most concerned about smartphones running Android.

So what should you do?

The most important thing you can do—today and always—is install the automatic updates that companies push out. Whether your smartphone or laptop is running iOS or Android, Windows or macOS, the key is to “always install updates,” Leuven advises. No need to change the password on your home Wi-Fi network, he says. (Microsoft is on the ball with this one and patched the issue on October 10.)

And while home networks and routers are less vulnerable than others, it’s also a good idea to make sure your router’s firmware is updated. For example, Netgear published an article listing the routers, cameras, range extenders, and other gizmos that are vulnerable to this exploit, and explains how to get the newest firmware

Karen Sohl, a communications director for Belkin, Linksys, Wemo, says that they are “aware” of the vulnerability. “Our security teams are verifying details and we will advise accordingly,” she says, via email, adding that they “are planning to post instructions on our security advisory page on what customers can do to update their products, if and when required.”

And Apple confirmed to Popular Science that fixes for the exploit are coming to consumers via updates in the next few weeks for iOS, macOS, watchOS, and tvOS; those same updates are already out in either public or developer betas.

“Don’t panic,” Candid Wueest, a threat researcher with Symantec, says. However, he adds, “It is definitely a serious vulnerability which is present in the design of Wi-Fi as we use it, with the WPA-2 encryption.”

Like Leuven, Wueest stresses the importance of updating the software that runs your devices. He also recommends that if you are sending sensitive information, check your browser to make sure the connection is secured with HTTPS/SSL. (Look for a lock symbol in the URL field.) When configured correctly, that protocol protects your information with an additional level of security. The last step to take, for the truly worried? Consider using a virtual private network, or VPN.

Ultimately, a vulnerability like this is “rare,” but compared to malicious code like WannaCry, Wueest says, “it’s not as bad for the internet.”