[Cryptography] Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

Erwan Ounn erwan.ounn.84 at gmail.com
Mon Oct 16 13:53:50 EDT 2017

> On Oct 16, 2017, at 15:41, Sidney Markowitz <sidney at sidney.com> wrote:
> According to this article, a protocol level vulnerability has been found in
> WPA2 that allows an attacker to eavesdrop on WPA2 protected WiFi traffic. As a
> vulnerability in the protocol it potentially affects all compliant
> implementations of WPA2.
> https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/
> It links to an article by one of the researchers who found it at
> https://github.com/vanhoefm/krackattacks/blob/gh-pages/index.html
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography

It’s indeed a critical vulnerability. FYI, you can read more about it on the researcher’s webpage: https://www.krackattacks.com/ <https://www.krackattacks.com/>

Quoting the relevant bits (emphasis mine):

We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. […] Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted.


This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on.The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data.


The research behind the attack will be presented at the Computer and Communications Security (CCS) <https://acmccs.github.io/session-F3/> conference, and at the Black Hat Europe <https://www.blackhat.com/eu-17/briefings/schedule/#key-reinstallation-attacks-breaking-the-wpa2-protocol-8861> conference. Our detailed research paper <https://www.krackattacks.com/#paper> can already be downloaded.

Discovered by Mathy Vanhoef of imec-DistriNet, KU Leuven
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20171016/d6f987d8/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20171016/d6f987d8/attachment.sig>

More information about the cryptography mailing list