Mathy Vanhoef, a researcher, discovered the vulnerability in the WPA2 protocol (which is used by any Wi-Fi network). This flaw allows attackers to not only read encrypted network information, but also to modify and install malware on vulnerable devices.
This vulnerability is called "KRACKS" - key reinstallation attacks.
Because of the nature of the attack, any client device, capable of connecting to a Wi-Fi network can be a target.
CERT provided a detailed list of vendors vulnerable to the attack:
Aruba Network
Cisco
Espressif Systems
Fortinet, Inc.
FreeBSD Project
Google
HostAP
Intel Corporation
Juniper Networks
Microchip Technology
Microsoft Corporation
OpenBSD
Peplink
Red Hat, Inc.
Samsung Mobile
Sierra Wireless
Toshiba Commerce Solutions
Toshiba Electronic Devices & Storage Corporation
Toshiba Memory Corporation
Ubiquiti Networks
Ubuntu
Watchguard Technologies, Inc.
ZyXEL
These vendors are listed under status "unknown":
3com Inc
ACCESS
Actiontec
Aerohive
Alcatel-Lucent
Alpine Linux
Amazon
Android Open Source Project
Apple
Arch Linux
ARRIS
AsusTek Computer Inc.
Atheros Communications, Inc.
AT&T
Avaya, Inc.
Barnes and Noble
Barracuda Networks
Belkin, Inc.
BlackBerry
Blue Coat Systems
Broadcom
Brocade Communication Systems
CA Technologies
CentOS
Check Point Software Technologies
CMX Systems
Contiki OS
CoreOS
Cypress Semiconductor
D-Link Systems, Inc.
Debian GNU/Linux
Dell
DesktopBSD
Devicescape
dnsmasq
DragonFly BSD Project
EfficientIP SAS
EMC Corporation
ENEA
Ericsson
European Registry for Internet Domains
Extreme Networks
F5 Networks, Inc.
Fedora Project
Force10 Networks
Foundry Brocade
gdnsd
Gentoo Linux
GNU adns
GNU glibc
HardenedBSD
Hewlett Packard Enterprise
Hitachi
HTC
Huawei Technologies
IBM, INC.
Infoblox
Internet Systems Consortium
Internet Systems Consortium - DHCP
JH Software
Joyent
Kyocera Communications
Lantronix
Lenovo
LG Electronics
Lynx Software Technologies
m0n0wall
Marvell Semiconductor
McAfee
MediaTek
Medtronic
Motorola, Inc.
NEC Corporation
NetBSD
Netgear, Inc.
Nexenta
NLnet Labs
Nokia
Nominum
OmniTI
OpenDNS
OpenIndiana
Openwall GNU/*/Linux
Oracle Corporation
Oryx Embedded
Philips Electronics
PowerDNS
Pulse Secure
QNX Software Systems Inc.
Quadros Systems
QUALCOMM Incorporated
Quantenna Communications
ReactOS
Redpine Signals
Rocket RTOS
Ruckus Wireless
SafeNet
Secure64 Software Corporation
Slackware Linux Inc.
SmoothWall
Snort
Sony Corporation
Sophos, Inc.
Sourcefire
Stryker
SUSE Linux
Symantec
TCPWave
TippingPoint Technologies Inc.
Tizen
TP-LINK
TrueOS
Turbolinux
Unisys
Welch Allyn
Wind River
WizNET Technology
Xiaomi
Xilinx
Zebra Technologies
Zephyr Project
So, what to do now? Try to stay away from public or corporate Wi-Fi networks. In case of this vulnerability a simple password reset does not help. The devices will receive a patch to prevent attackers from intercepting the Wi-Fi traffic. Stay safe!
Would you like to try it out?
Here is the DIY instruction video. (scary? frightening? informative?)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Wow, very informative...and scary :)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
nice video :)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit