Monday morning was not a great time to be an IT admin, with the public release of a bug that effectively broke WPA2 wireless security.
Security experts have said the bug is a total breakdown of the WPA2 security protocol. As reported previously by ZDNet, the bug, dubbed “KRACK” — which stands for Key Reinstallation Attack — is at heart a fundamental flaw in the way Wi-Fi Protected Access II (WPA2) operates.
The security protocol, an upgrade from WEP, is used to protect and secure communications between everything from our routers, mobile devices, and Internet of Things (IoT) devices, but there is an issue in the system’s four-way handshake that permits devices with a pre-shared password to join a network.
According to security researcher and academic Mathy Vanhoef, who discovered the flaw, threat actors can leverage the vulnerability to decrypt traffic, hijack connections, perform man-in-the-middle attacks, and eavesdrop on communication sent from a WPA2-enabled device.