The security protocol used to protect the vast majority of wifi connections has been broken, potentially exposing wireless internet traffic to malicious eavesdroppers and attacks, according to the researcher who discovered the weakness.
Mathy Vanhoef, a security expert at Belgian university KU Leuven, discovered the weakness in the wireless security protocol WPA2, and published details of the flaw on Monday morning.
Wi-Fi can be KRACK-ed. Here’s what to do next
A security researcher has revealed serious flaws in the way that most contemporary Wi-Fi networks are secured.
Discovered by Mathy Vanhoef from the University of Leuven, the vulnerability affects the protocol “Wi-Fi Protected Access 2”. Otherwise known as WPA2, this encrypts the connection between a computer or mobile phone and a Wi-Fi access point to keep your browsing safe.
KRACK Attack Devastates Wi-Fi Security
A devastating weakness plagues the WPA2 protocol used to secure all modern Wi-Fi networks, and it can be abused to decrypt traffic from enterprise and consumer networks with varying degrees of difficulty.
The 'Secure' Wi-Fi Standard Has a Huge, Dangerous Flaw
When you set up a new Wi-Fi network, you're probably conditioned by now to check the “WPA2” box. You may not specifically know when or why someone advised you to do this, but it was solid advice. Wi-Fi Protected Access 2 is the current industry standard that encrypts traffic on Wi-Fi networks to thwart eavesdroppers. And since it's been the secure option since 2004, WPA2 networks are absolutely everywhere. They're also, it turns out, vulnerable to cryptographic attack.
A flaw in WPA2's cryptographic protocols could be exploited to read and steal data that would otherwise be protected, according to new research from security researcher Mathy Vanhoef of KU Leuven in Belgium. In some situations, the vulnerability even leaves room for an attacker to manipulate data on a Wi-Fi network, or inject new data. In practice, that means hackers could steal your passwords, intercept your financial data, or even manipulate commands to, say, send your money to themselves.