Anybody that has a WiFi router might want to be sure to have their login details close at hand throughout the course of today.
That’s because later today security researcher Mathy Vanhoef will reveal a potentially disastrous vulnerability in the WPA2 protocol.
The Wifi Protected Access protocol appears to have been cracked by Vanhoef according to Gizmodo which took a look at the source code of the researcher’s website Krack Attacks and found this throw forward.
“This website presents the Key Reinstallation Attack (KRACK). It breaks the WPA2 protocol by forcing nonce reuse in encryption algorithms used by Wi-Fi.”
It appears then that the random number generation that WPA uses to create group keys is not so random after all. Truth be told we heard utterances of this last year from Vanhoef who published a white paper that alleged a compromise of WPA2 group keys was possible.
Details about what the vulnerability is however are thin on the ground but word on the internet is that Vanhoef will reveal exactly what the vulnerability entails at 2pm this afternoon. If this concerns you (and if you use WiFi it really should) we recommend keeping an eye trained on htxt.africa.
[Image – CC by 2.0 Simon A]