You might have heard or read about WPA2 (WiFi Protected Access II). It is the most common wireless encryption protocol, and you'll find it in use on networks such as home networks, public cafes, etc.
Now, researchers have found critical vulnerabilities in the 13-year-old protocol that can allow attackers, within the physical range of your network, to decipher the WiFi password and intercept the internet traffic.
They might be able to get access to any unencrypted traffic between the device and the access point, or even decrypt WiFi traffic. Further possibilities include content injection.
According to a researcher, the flaw lies in the 4-way handshake used to create an encryption key to secure the traffic. The vulnerability can be seen in action in a proof-of-concept known as KRACK (Key Reinstallation Attacks).
The attack vector has been known for weeks but it was scheduled for a coordinated disclosure on Monday (8 AM PST).
Also, a new website, krackattacks.com, will be made live to describe the issue. One of the researchers has also put up a near-empty GitHub repo containing various tags related to the KRACK attack.
On November 1, the researchers will discuss their paper titled “Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2” at the ACM Conference on Computer and Communications Security, Dallas.
Submitted by: Arnfried Walbrecht