Recently, some online researchers have discovered a fatal flaw in the WPA2 protocol. This flaw can affect anyone and everyone that is involved with Wi-Fi access.
This flaw allows potential attackers to manipulate vulnerable information such as passwords, e-mails, and other encrypted data, whilst intercepting that information they may also leave ransomware or other malicious content into a website a client is visiting.
The point of weakness is called KRACK, short for Key Reinstallation Attacks. Supposedly the research has been kept under wraps and was designated for disclosure on Monday at 8am.
This point of weakness affects the core WPA2 protocol itself and is highly effective against devices running Android and Linux as well as OpenBSD. To a less extreme measure. it also affects macOS, Windows, and MediaTek Linksys, along with other types of devices. It’s believed that attackers can exploit the flaw to decrypt a cache of data that is normally secured by the ubiquitous Wi-Fi encryption protocol.
The vulnerability allows potential access to credit card numbers, passwords, chat messages, emails, photos among many other possibilities. All modern Wi-Fi protected networks.
The attack functions by forcing the phone/device to reinstall an all-zero encryption key, rather than a real key. Some may think that visiting only HTTPS-protected pages would solve the issue, however the risk remains due to many sites possibly being improperly configured allowing the forceful action of dropping encrypted HTTPS traffic and instead transmitting unencrypted HTTP data.
Patches have started to be developed for devices at the most risk currently. Thus far Linux patches have been developed but there is no word when they will be released. Some however not all Wi-Fi access points have patches available right now.
There will be an official address on November 1st at the ACM conference on Computer and Communications Security in Dallas. Its believed the address will also be available on krackattack.com’s site.
This could become one of the biggest threats to large corporations and government Wi-Fi networks.
Its advised to abstain from Wi-Fi use until patches are available and instead use a wired connection.