Security researchers have cracked a security protocol widely used to protect Wi-Fi networks – and experts have warned that “almost all” devices are at risk of eavesdropping attacks or worse.
According to a new report from Ars Technica, the researchers who cracked the protocol have termed this new exploit as “KRACK” which uses a number of flaws in the “key management” of the WPA2 secured networks.
The reason this flaw is “devastating” and “fatal” is because WPA2 is a popular method to authenticate and protect Wi-Fi networks across both enterprise and personal settings.
According to Matty Vanhoef, one of the researchers who uncovered the issue, 41 percent of Android devices are vulnerable to an “exceptionally devastating” variant of the WPA2 attack, which makes it “exceptionally trivial” to manipulate and intercept traffic.
A paper officially released by Vanhoef says the KRACK attack “abuses design or implementation flaws in cryptographic protocols to reinstall an already-in-use-key.”
“Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on,” explains a post on the website Vanhoef developed to disclose KRACK.
It will be interesting over the next few weeks to see the complexity required to perform this attack, as a hole this wide in WPA2 would have serious security ramifications for almost all of us who connect to home and many commercial WiFi routers.