Hello Everyone,
There has been a new security flaw found in the WPA2 stack a security researcher was able to manipulate handshake packets in the 4 way WPA handshake and perform a key re-installation attack.
1.)T he basics of this attack is that an attacker would need to be in close range of your network
2.) The attacker manipulate the 3rd stage of the handshake process which tricks the client to install a key that is already in use thus allowing the attacker to read all of the traffic that should be encrypted via WPA
It has been found that Linux ,MAC and Android devices are most vulnerable since an implementation bug allows for the devices to install an all zero key
This is a perfect example as to why it is important to be using a VPN service when connected to a public WI-FI if you did fall victim to this attack it would be in-effective if the traffic were encapsulated in a VPN tunnel.
See below for a demo of this attack from the researcher who found the exploit.
It is highly recommended to check your router for firmware updates if not available it may be time to replace your WI-FI router to better protect your self
Also you will want to check for software patches on your operating systems to patch this vulnerability .
With sources from securityaffairs.co/wordpress/64373/breaking-news/wpa-krack-attack.html