Security Medium 1 – WPA WiFi Encryption Develops KRACKs
This week started with a big security news announcement (responsibly disclosed, which is nice). Security researchers at the Belgian university KU Leuven revealed a collection of related attacks against the WPA2 protocol (WiFi Protected Access version 2). The problem at the root of these attacks was not related to any specific implementation of the spec, but with the spec itself, so every manufacturer who implemented the spec correctly would have introduced these vulnerabilities into their WiFi drivers. Because you have to give a bug a fancy name to get any media attention these days, it was given the somewhat strained pseudo-acronym KRACKs, from key reinstallation attacks.
We’re not going to go into the technical minutia here, but I have included links to some good explanations below. I do want to give a high-level overview of the problem though.