At 8AM Monday morning Eastern Time, researchers plan to reveal details of a new exploit called KRACK that takes advantage of vulnerabilities in Wi-Fi security to let attackers eavesdrop on traffic between computers and wireless access points. The exploit, as noted by Ars Technica, takes advantage of several key management vulnerabilities in the WPA2 security protocol, the popular authentication scheme used to protect personal and enterprise Wi-Fi networks.
So yeah, this looks bad.
The United States Computer Emergency Readiness Team issued the following warning in response to the exploit:
US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.
It’s not yet clear how easy it will be to hijack and eavesdrop on targeted Wi-Fi networks, but we expect all to be revealed later on today through the website krackattacks.com, before the vulnerabilities are formally presented on November 1st in a talk titled Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 at a security conference in Dallas.
Source: The Verge