All WiFi Devices Vulnerable To KRACK Attacks
Security researchers claimed to have found severe vulnerabilities in WPA2 ( WiFi Protected Access II). This is an extremely popular security protocol, so much so that it used by almost every WiFi device on the planet. The vulnerabilities can allow anyone near your your router to access the WiFi traffic being sent through it.
There is a dedicated website called krackattacks.com, named after the proof-of-concept attack called KRACK (Key Reinstallation Attacks). Researcher Mathy Vanhoef of imec-DistriNet, KU Leuven.
Concretely, attackers can use this novel [KRACK] attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks.
The attack targets WiFi clients using WPA2, and compromises the encryption protocol used for communicating with the router. Once this is done, any data or information that the victim transmits can be decrypted. He adds that the attack is exceptionally devastating against Linux and smartphones running Android 6.0 or higher, though devices running Apple’s mobile and desktop operating system, Windows, OpenBSD etc. are all vulnerable, too. To protect yourself against attacks, it’s Wi-Fi clients like laptops, smartphones, smart home devices, and the likes, will need to install security updates.
Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates
The vulnerabilities have been assigned Common Vulnerabilities and Exposures (CVE) identifiers: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086,CVE-2017-13087, and CVE-2017-13088.