[Cryptography] Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

[Patrick]

Sidney Markowitz wrote on 10/16/2017 09:41 AM:
> According to this article, a protocol level vulnerability has been found in
> WPA2 that allows an attacker to eavesdrop on WPA2 protected WiFi traffic. As a
> vulnerability in the protocol it potentially affects all compliant
> implementations of WPA2. ...

I have an Eero mesh network at home/office, and I've been meaning to
check for upgrades soon.  To my delight, I just received this email:

From:  The eero team <support at eero.com>
Subject: Your network's been automatically updated
Body:
~~
We're proud of introducing mesh WiFi to the home, but our most important
innovation may be the ability to automatically and reliably update every
eero system. Unlike a traditional manual process, automatic over-the-air
(OTA) software updates bring improved performance and new features — and
allow us to respond to ever-evolving security threats in real time.
Without requiring you to do anything.

Most months we push a planned OTA update, but last week we released an
ad hoc software patch to fix a vulnerability called KRACK in the WPA2
security protocol used by almost all WiFi-connected devices (like
routers and smartphones) to encrypt network traffic. While KRACK is very
difficult to exploit and there have been no reports of anyone
successfully doing so, eero moved immediately, updating 100% of networks
in less than a week..

Learn more about KRACK and how eero keeps your network safe with OTA
updates on our blog.
~~


I gotta tell ya, that's just amazing.  It gives me the good chills.


-- Patrick