The best simple explanation of the KRACK vulnerability

The KRACK attack method is not entirely a hardware / software issue, although the hardware / software will be patched to fix the real issue. WPA / WPA2 encryption uses a key for the devices to communicate. Anytime the devices communicate, and sometimes randomly, there is what is called a "handshake" between them, in which 4 messages are sent between the devices. At some point in these messages (usually the 3rd message) the devices "agree" on a key that allows them to know they are talking to each other. To "secure" the connection, the key travels with each transmission between the devices. Currently the key is not randomized enough, or regularly enough, to prevent the hacker from determining your key. Once they have the key, they can tell the devices not to change it, then do what they want with the information they can see, and even "insert" their own information into your devices (on both the access point, i.e. the Wi-Fi router, and the client, i.e. a smartphone, computer, etc.).

Both the access point and the client will need a patch. If only the access point is fixed, the hacker can still access the client. That is why both need the fix. Additionally, Android / Linux devices are susceptible to an "all-zeros key hack", where the hacker can change the encryption key to all 0's and does not have to use the software to figure out the key each time. That is why just fixing the access point will not completely protect you.
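The following toy model is an added example, not code from the original page: it shows what a repeated 3rd handshake message does to an unpatched client, to an unpatched client that wipes its key memory after use (the all-zeros case), and to a patched client. It goes beyond the text in modeling a per-packet counter that is reset when a key is installed; the SHA-256 keystream, the sample key and packets, and the names `Client` and `replay_message3` are assumptions made for illustration.

```python
import hashlib

KEY = bytes(range(1, 17))   # constructed 16-byte session key, not a real one
P1, P2 = b"first packet", b"other packet"   # constructed plaintexts

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream(key: bytes, nonce: int, n: int) -> bytes:
    # Toy stand-in for the real cipher: output depends only on (key, nonce).
    return hashlib.sha256(key + nonce.to_bytes(8, "big")).digest()[:n]

class Client:
    def __init__(self, tk, patched, clears_tk_after_install=False):
        self.tk = tk                  # key agreed earlier in the handshake
        self.patched = patched
        self.clears_tk = clears_tk_after_install
        self.installed = None         # key the cipher is actually using
        self.nonce = 0                # per-packet counter

    def on_message3(self):
        if self.patched and self.installed is not None:
            return                    # fix: never reinstall a key already in use
        self.installed = self.tk
        self.nonce = 0                # installing a key resets the counter
        if self.clears_tk:
            self.tk = bytes(len(self.tk))   # key memory wiped to zeros

    def send(self, data: bytes) -> bytes:
        self.nonce += 1
        return xor(data, keystream(self.installed, self.nonce, len(data)))

def replay_message3(client: Client) -> dict:
    client.on_message3()              # genuine message 3
    c1 = client.send(P1)
    client.on_message3()              # the same message 3 delivered again
    c2 = client.send(P2)
    return {
        # Same key and counter twice: XOR of ciphertexts equals XOR of plaintexts.
        "keystream_reused": xor(c1, c2) == xor(P1, P2),
        "all_zero_key": client.installed == bytes(len(KEY)),
    }

if __name__ == "__main__":
    print("unpatched:        ", replay_message3(Client(KEY, patched=False)))
    print("unpatched, wipes: ", replay_message3(Client(KEY, False, True)))
    print("patched:          ", replay_message3(Client(KEY, patched=True)))
```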