Just to add to your Monday morning blues, WPA2 (Wi-Fi Protected Access 2), the de facto encryption method used by the majority of Wi-Fi routers around the world, is rumored to have been cracked.
While the actual exploit, called KRACK (for Key Reinstallation AttaCK), has yet to be released, developers who have reviewed the flaw have confirmed that it is serious and could have widespread implications around the globe.
WiFi traffic from your computer, your mobile phone and even your CCTV cameras is encrypted to ensure that nobody else is able to intercept the data while it is transmitted. This is especially critical when sensitive data, such as passwords, is passed from your device to the site it is intended for.
Fortunately, most sites that handle sensitive data these days run on HTTPS, which means that on top of the WiFi encryption, the data is encrypted again via a certificate unique to each site.
This is a core protocol-level flaw in WPA2 wi-fi and it looks bad. Possible impact: wi-fi decrypt, connection hijacking, content injection. https://t.co/FikjrK4T4v
— Kenn White (@kennwhite) October 15, 2017
However, there are still millions of sites and services online running on the non-secure HTTP protocol, and a broken WPA2 encryption protocol could essentially allow someone with enough knowledge of the flaw to intercept and decipher all traffic flowing through a particular WiFi network.
US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.
The post WiFi WPA2 encryption (very) possibly cracked appeared first on Lowyat.NET.