WPA2 was, at one time, the answer to our Wi-Fi security woes. Now it appears to be one of the problems. An announcement this morning disclosed a far-reaching and serious vulnerability in the protocol. Traffic we once thought was encrypted, and immune to prying eyes, appears to be available to any hacker who would dare to use the new exploit, known as “KRACK”, an acronym for Key Reinstallation Attack.
This research has been ongoing. The security research community coordinated the disclosure for Monday morning. The vulnerability potentially affects Android, Linux, Windows, macOS, OpenBSD, and some Linksys devices, as well as many other devices.
The exploit will allow miscreants to steal, change, and even inject data into any network utilizing the WPA2 protocol. The attack works by forcing the target device to reinstall an all-zero encryption key.
The good news is that an initial release of patches is available. Newer versions of iOS are not impacted; however, Android 6.0+ (Marshmallow) is.
Continue to watch for mitigating controls and patches. I am certain more are forthcoming.