We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted.
The attack works against all modern protected Wi-Fi networks…
…Note that if your device supports Wi-Fi, it is most likely affected.
Remember the days of WEP? That thing that was crackable in about 5 seconds, well turns out it’s replacement WPA2 is fundamentally flawed and just as susceptible. WPA2 is the default security protocol used by any modern Wi-Fi device and they’re all at risk to KRACK attacks of one variation or another.
It’s not just limited to the devices that manage your network either, any device using WPA2 from your computer, phone, tablet to your e-reader, security camera or baby monitor, all of them are potential targets and vulnerable to the flaw.
Thankfully, at the moment, the vulnerability is not in the wild. It will not stay that way forever though and for those who are naive enough to believe it will, I wish you good fortune.
Many of the major network and software companies have either released patches or are about to. Apple have betas in testing for patched versions of iOS, macOS, tvOS & watchOS, Microsoft have updated Windows releases ready to go and many networking hard manufacturers are ready with fixes too including Ubiquiti, Meraki & Netgear.
The major risk factor is for those millions on millions of devices that will likely never be updated or users will just never think to. Android too, with it’s loosely supported updates, is likely to suffer should the attack ever make it beyond the closed walls of the labs.
Be diligent, check in with your home router’s manufacturer today and be sure to update as soon as a fix becomes available.
Source: KRACK Attacks: Breaking WPA2