The WPA2 encryption protocol that protects Wi-Fi traffic passing between computers and access points is seriously flawed and rumored to have been cracked.
Any hacker who is within physical range of your home or office network can crack your Wi-Fi password or listen in on your internet activity.
The exploit, KRACK, short for Key Reinstallation Attacks, is the result of research that has been a closely guarded secret for weeks ahead of a disclosure that’s scheduled for Monday. An advisory that was recently distributed to about 100 organizations described the research as follows:
“US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected.”
According to a researcher, the flaw works by exploiting the four-way handshake that’s used to establish a key for encryption. During the third step, that key can be resent multiple times, and a cryptographic nonce can then be reused in a way that completely undermines the encryption.
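To see why a resent third step matters, here is a small simulation added for illustration; it is not code from the researchers or from any Wi-Fi implementation. The `Client` class, the HMAC-based toy keystream and the sample frames are all constructed assumptions, and the "patched" behaviour is modelled simply as refusing to reinstall a key that is already in use.

```python
import hashlib
import hmac

def keystream(key, nonce, length):
    # Toy stand-in for the real cipher: HMAC-SHA256(key, nonce || counter).
    out, block = b"", 0
    while len(out) < length:
        msg = nonce.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Constructed model of a client's key-install logic (hypothetical names)."""
    def __init__(self, patched):
        self.patched, self.key, self.nonce = patched, None, 0

    def on_message3(self, key):
        # Patched: a resent message 3 carrying the key already in use
        # must not reinstall it, so the nonce counter keeps counting.
        if self.patched and key == self.key:
            return
        self.key, self.nonce = key, 0   # install resets the nonce counter

    def send(self, plaintext):
        self.nonce += 1
        return self.nonce, xor(plaintext, keystream(self.key, self.nonce, len(plaintext)))

def replay_message3(patched):
    """Send one frame, receive message 3 again, send another frame."""
    key = hashlib.sha256(b"constructed session key").digest()
    p1, p2 = b"constructed frame one", b"constructed frame two"
    client = Client(patched)
    client.on_message3(key)
    n1, c1 = client.send(p1)
    client.on_message3(key)             # step three is resent
    n2, c2 = client.send(p2)
    return {
        "nonce_reused": n1 == n2,
        # Same key and nonce give the same keystream, so it cancels out:
        "keystream_cancels": xor(c1, c2) == xor(p1, p2),
    }

if __name__ == "__main__":
    print("unpatched:", replay_message3(False))
    print("patched:  ", replay_message3(True))
```

In the unpatched run both frames are encrypted under the same nonce, so combining the two ciphertexts removes the encryption entirely; in the patched run the nonce keeps advancing and that no longer holds.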
It’s believed that today’s disclosure will be made through krackattacks.com and that the vulnerabilities will be formally presented in a talk titled Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2, scheduled for the 1st of November at the ACM Conference on Computer and Communications Security in Dallas.
What does this mean for you?
For any user, the flaw doesn’t mean you’ll be hacked immediately, but your Wi-Fi network is vulnerable until your router manufacturer issues a security update. Browsing through HTTPS sites is okay, but anything that’s sent in plaintext could be scooped up by eavesdroppers.
In addition to that, depending on how your smart home gadgets are configured, you’ll want to look for security patches for them. Devices like these that are connected via Wi-Fi could be hacked, allowing hackers to copy or change passwords on your locks and alarm systems.
Things don’t look good. We’ll keep updating this as we learn more.