I heard about this early Monday 2017-10-16; and it got me a bit concerned. Six collegiate researchers revealed information on a WPA-2 Wi-Fi security, Key Reinstallation Attack (KRACK Attack). This reliable information will allow attackers to undermine Wi-Fi encryption on any wireless connection utilizing WPA2 Personal security. This will affect literally, any and every brand and type wireless router on the B2B and consumer markets today.
This latest exploit takes advantage of the four-way handshake needed to establish an encryption key between a router and a connecting device. When properly executed, this vulnerability allows attackers to compromise the third step. This can lead to the re-use of an encryption key; or in some cases in Android and Linux based devices, the establishment of a null key.
US-CERT, the division of the Department of Homeland Security responsible for computer safety has become aware of “several key management vulnerabilities” used in the attack. The agency has declared that the vulnerability includes lack of proper encryption, content hijacking, HTTP injection, and other problems. In the advisory issued on Monday, US-CERT says that “most or all correct implementations” of WPA-2 are affected by the vulnerability —meaning every consumer device, and most enterprise access points.