Vulnerability in WPA2 Protocol Allows Attackers to Intercept and Decrypt Encrypted Data Traffic
There is a dangerous flaw in the WPA2 protocol that cybercriminals can exploit to intercept emails, passwords and other kinds of encrypted data. An attacker can also inject malicious content such as ransomware into a website that a client is visiting. The proof-of-concept exploit has been dubbed KRACK, an abbreviation of Key Reinstallation Attacks.
The vulnerability affects the core WPA2 protocol. Devices running Linux, Android and OpenBSD are the most exposed, while macOS, MediaTek, Linksys and Windows devices are also vulnerable to some extent.
KRACK targets the four-way handshake. It tricks a vulnerable client into reinstalling a key that is already in use, which forces nonce reuse and thereby breaks the encryption.
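Why a reinstalled key and the resulting nonce reuse break encryption, shown as an added example that is not part of the original article. It is a simplified model: a SHA-256-based toy keystream stands in for the real WPA2 cipher, and the `Client` class, `run` function, key and sample frames are all constructed for illustration.

```python
import hashlib

def keystream(key, nonce, length):
    """Toy keystream (SHA-256 in counter mode); a stand-in, not the real WPA2 cipher."""
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Hypothetical model of a client's transmit state; not real driver code."""
    def __init__(self, refuse_reinstall):
        self.refuse_reinstall = refuse_reinstall
        self.key = None
        self.nonce = 0

    def install_key(self, key):
        # Hardened behaviour: ignore a request to install the key already in use.
        if self.refuse_reinstall and key == self.key:
            return
        self.key = key
        self.nonce = 0  # installing a key resets the per-packet nonce

    def send(self, plaintext):
        self.nonce += 1
        return self.nonce, xor(plaintext, keystream(self.key, self.nonce, len(plaintext)))

def run(refuse_reinstall):
    key = bytes(range(16))                              # constructed sample key
    p1, p2 = b"GET /index.html ", b"password=hunter2"   # constructed sample frames
    client = Client(refuse_reinstall)
    client.install_key(key)
    n1, ct1 = client.send(p1)
    client.install_key(key)   # handshake replay asks the client to install the same key
    n2, ct2 = client.send(p2)
    nonce_reused = n1 == n2
    # With a repeated keystream, ct1 XOR ct2 equals p1 XOR p2: the key drops out.
    plaintext_relation_leaks = xor(ct1, ct2) == xor(p1, p2)
    return nonce_reused, plaintext_relation_leaks

if __name__ == "__main__":
    print("unpatched client:", run(refuse_reinstall=False))
    print("patched client:  ", run(refuse_reinstall=True))
```

The unpatched model encrypts both frames with the same keystream, so anyone who knows or guesses one plaintext recovers the other; the patched model keeps counting and the relation no longer holds.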
Devices running Android 6.0 and later are far more exposed to this vulnerability than other devices. Using KRACK, the attacker can force such a device to reinstall an all-zero encryption key instead of the original key.
To protect your devices, update every wireless device you own, such as routers, laptops, phones and tablets, with the latest security patches, because the patches close the KRACK vulnerability. If your router has not been fixed or no patch has been released, switch to Ethernet and turn off all wireless functions until a patch is released.