WPA2 WiFi security protocol breached, experts warn

MANILA, Philippines – Researchers are planning to disclose vulnerabilities in the WiFi Protected Access II (WPA2) security protocol on Monday, October 16.

The issues with WPA2, currently known as a proof-of-concept exploit called KRACK (Key Reinstallation Attacks), allow "attackers to eavesdrop Wi-Fi traffic passing between computers and access points," Ars Technica reported.

The US Computer Emergency Readiness Team explains the upcoming disclosure in a short announcement:

"US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on October 16, 2017."

The coordinated disclosure is scheduled for 8:00 am EST on October 16 (8:00 pm, October 16, PH time) and is set to be revealed on KrackAttacks.com, though a formal presentation is scheduled for November 1 through the ACM Conference on Computer and Communications Security in Dallas, Texas. – Rappler.com

Victor Barreiro Jr.

Victor Barreiro Jr is part of Rappler's Central Desk. An avid patron of role-playing games and science fiction and fantasy shows, he also yearns to do good in the world, and hopes his work with Rappler helps to increase the good that's out there.

image