The first new WiFi security vulnerability to be found in 14 years is real a doozey!
The WPA2 encryption protocol which is widely used to secure WiFi traffic is at risk from multiple vulnerabilities, collectively known as “KRACK Attacks”, or Key Reinstallation AttACKs, that were publicly disclosed on October 16, 2017. Every single WiFi connection currently in use is potentially at risk of being hacked security researchers disclosed in a recently released research paper. These vulnerabilities effect both WiFi Access Points or Routers as well as WiFi enabled devices such as Phones, Laptops, Cameras and any devices connected to and communicating over a WiFi network.
The attacks, which cannot be carried out remotely, allow a malicious individual to replace, or reinstall, one of the security keys used to encrypt the communications on a WiFi network with a key of the attacker’s choosing. This allows an attacker to gain access to otherwise encrypted data. This could allow them to view your passwords, credit card numbers, photos and snoop on all traffic sent over the WiFi network. If your home or business uses a single network for Wired and Wireless communication, as most off-the-shelf routers do, this could even include communications to wired devices as well. While the attack is not technically easy to complete for all devices, tools are likely to be made available shortly that will allow less technically savvy people to carry out the attack.
As of this time, the only way to fix this flaw would be to manually replace or patch every WiFi device in existence currently, no small feat. Given that the publication of these vulnerabilities has been withheld, a fix is likely already in the works — or already completed — from major device vendors, but this will only affect those devices that are currently receiving software updates. Older, abandoned devices, will likely remain vulnerable to these attacks.
Full details on the attacks with P.O.C. demonstrations and further news are available on the following website: