UPDATE3: On a website dedicated to the “Key Reinstallation Attacks,” https://www.krackattacks.com/, the researcher who brought attention to this vulnerability describes what it is, presents a demo of the attack against an Android device as client, and suggests practical steps in a rich Q&A article.
UPDATE2: More companies have updates available. Microsoft also has released an update for client devices. (Source: Pileum Corporation)
UPDATE1: Several Wi-Fi AP manufacturers have started developing and releasing updates. Please check the CERT website below for updates. One of the most recent is for Meraki access points.
In a research paper titled “Key Reinstallation Attacks: Forcing Nonce Reuse in WPA,” researchers Mathy Vanhoef and Frank Piessens of Leuven, Belgium have just proved that WPA2 handshake traffic can be manipulated to induce nonce and session key reuse. Here is an overview of the announcement from CERT:
Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to induce nonce and session key reuse, resulting in key reinstallation by a wireless access point (AP) or client. An attacker within range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocols being used. Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames.
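Added example, not part of this post or of the researchers' published code: a toy Python model of the client-side key installation the CERT note describes. It assumes a constructed PTK, constructed sample frames and a SHA-256 based stand-in for CCMP's AES-CTR keystream. It shows that a retransmitted message 3 makes a pre-patch client reinstall the same key and reset its packet number, so two frames go out under the same nonce and their keystreams cancel, while the patched behaviour (refusing to reinstall an already-installed key) keeps the counter monotonic. The `repeated_nonces` check is the kind of condition a wireless monitor can flag.

```python
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample frames (same length so the XOR comparison below is direct).
FRAMES = [b"GET /index.html HTTP/1.1", b"GET /admin.html HTTP/1.1"]
PTK = b"constructed-ptk-0123456789abcdef"  # constructed session key, not from a real handshake


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_keystream(key: bytes, pn: int, length: int) -> bytes:
    """Toy CTR-style keystream: SHA-256(key || packet number || block counter).
    It stands in for CCMP's AES-CTR only to show the property that matters here:
    the same key and the same packet number give the same keystream."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + pn.to_bytes(6, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]


@dataclass
class Supplicant:
    """Minimal client-side model: the installed PTK and the per-packet number (PN)
    that CCMP uses as its nonce. Installing a key resets the PN to zero."""
    refuse_reinstall: bool                  # False: pre-patch behaviour, True: patched behaviour
    ptk: Optional[bytes] = None
    pn: int = 0
    sent: List[Tuple[int, bytes]] = field(default_factory=list)

    def receive_msg3(self, ptk: bytes) -> None:
        """Message 3 of the 4-way handshake carries the key to install. A retransmitted
        message 3 (the AP did not receive message 4) reaches this same code path."""
        if self.refuse_reinstall and self.ptk == ptk:
            return  # patched: key already in use, keep the current PN
        self.ptk = ptk
        self.pn = 0  # (re)installation resets the nonce counter: this is the defect

    def encrypt(self, plaintext: bytes) -> Tuple[int, bytes]:
        assert self.ptk is not None, "no key installed"
        self.pn += 1
        ct = xor_bytes(plaintext, toy_keystream(self.ptk, self.pn, len(plaintext)))
        self.sent.append((self.pn, ct))
        return self.pn, ct


def run_handshake(refuse_reinstall: bool) -> Supplicant:
    """Script: message 3 arrives, one frame is sent, a retransmitted message 3
    arrives, a second frame is sent."""
    s = Supplicant(refuse_reinstall)
    s.receive_msg3(PTK)
    s.encrypt(FRAMES[0])
    s.receive_msg3(PTK)  # retransmission of message 3 carrying the same PTK
    s.encrypt(FRAMES[1])
    return s


def repeated_nonces(sent: List[Tuple[int, bytes]]) -> List[int]:
    """Monitor-side check: packet numbers must never repeat under one key."""
    seen, dup = set(), []
    for pn, _ in sent:
        if pn in seen:
            dup.append(pn)
        seen.add(pn)
    return dup


def ciphertext_xor_on_reuse(sent: List[Tuple[int, bytes]]) -> Optional[bytes]:
    """Why reuse matters: two frames under the same key and PN share a keystream,
    so XOR-ing the ciphertexts cancels it and leaves plaintext XOR plaintext."""
    by_pn = {}
    for pn, ct in sent:
        if pn in by_pn:
            return xor_bytes(by_pn[pn], ct)
        by_pn[pn] = ct
    return None


if __name__ == "__main__":
    for patched in (False, True):
        s = run_handshake(patched)
        leak = ciphertext_xor_on_reuse(s.sent)
        print("patched" if patched else "vulnerable",
              "repeated PNs:", repeated_nonces(s.sent),
              "keystream cancels:", leak is not None and leak == xor_bytes(FRAMES[0], FRAMES[1]))
```

The patched branch models the fix vendors shipped: once a key is installed, a repeated message 3 is acknowledged but the key and its counter are not reset, so an attacker replaying the handshake message cannot force the nonce back to its starting value.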
The simplest mitigation is to install the updates provided by your Wi-Fi device vendors, for both access points and client devices.
- CERT’s Vulnerability Note VU#228519
- Aruba FAQ on WPA Security Vulnerability
- Ars Technica’s article: Serious flaw in WPA2 protocol lets attackers intercept passwords and much more.