MANILA, Philippines – Researchers are planning to disclose vulnerabilities in the WiFi Protected Access II (WPA2) security protocol on Monday, October 16.
The issues with WPA2, currently known as a proof-of-concept exploit called KRACK (Key Reinstallation Attacks), allow “attackers to eavesdrop Wi-Fi traffic passing between computers and access points,” Ars Technica reported.
The US Computer Emergency Readiness Team explains the upcoming disclosure in a short announcement:
“US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on October 16, 2017.”
The coordinated disclosure is scheduled for 8:00 am EST on October 16 (8:00 pm, October 16, PH time) and is set to be revealed on KrackAttacks.com, though a formal presentation is scheduled for November 1 through the ACM Conference on Computer and Communications Security in Dallas, Texas. – Rappler.com