Submitted by grawlings on Wed, 10/18/2017 - 12:31
According to cyber-security researchers Frank Piessens and Mathy Vanhoef from Belgium’s Katholieke Universiteit Leuven, there is a dangerous flaw in the WPA2 protocol which can be exploited by cybercriminals to intercept emails, passwords and other kinds of encrypted data. However, this will be successful only if the attacker is within the range of the vulnerable device or access point.
An attacker can also inject malicious content such as ransomware into a website when a client is visiting. The proof-of-concept of this exploit has been dubbed as KRACK, which is an abbreviation of Key Reinstallation Attacks. The findings of the research were disclosed on Monday followed by an advisory by US-CERT that has been distributed to nearly 100 organizations. In the advisory, it is stated that: