A key reinstallation attack vulnerability in the WPA2 wi-fi protocol has been made public today. Security researcher Mathy Vanhoef has identified what he dubs a “serious weakness” in the wireless protocol.
The tl;dr is that an attacker within range of a person logged onto a wireless network could use key reinstallation attacks to bypass WPA2 network security and read information that was previously assumed to be securely encrypted — thereby enabling them to steal sensitive data passing over the network, be it passwords, credit card numbers, chat messages, emails, photos, and so on.
“The attack works against all modern protected Wi-Fi networks,” according to Vanhoef.
Depending on network configuration, he says the vulnerability can also allow for an attacker to inject and manipulate data — such as by adding ransomware or malware to a website, for example.
