Time to look at your Wifi AP vendor for a solution. Ubiquity says they'll have one shortly, not sure how long for others and for client OS's.
This could get ugly, especially for businesses.
Z
The proof-of-concept exploit is called KRACK, short for Key Reinstallation
Attacks. The research has been a closely guarded secret for weeks ahead of a
coordinated disclosure that's scheduled for 8 a.m. Monday, east coast time. An advisory the US CERT recently distributed to about 100 organizations described the research this way:
"US-CERT has become aware of several key management vulnerabilities in the
4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The
impact of exploiting these vulnerabilities includes decryption, packet replay,
TCP connection hijacking, HTTP content injection, and others. Note that as
protocol-level issues, most or all correct implementations of the standard will
be affected. The CERT/CC and the reporting researcher KU Leuven, will be
publicly disclosing these vulnerabilities on 16 October 2017."
https://arstechnica.com/information-...eavesdropping/
https://papers.mathyvanhoef.com/ccs2017.pdf
This could get ugly, especially for businesses.
Z
The proof-of-concept exploit is called KRACK, short for Key Reinstallation
Attacks. The research has been a closely guarded secret for weeks ahead of a
coordinated disclosure that's scheduled for 8 a.m. Monday, east coast time. An advisory the US CERT recently distributed to about 100 organizations described the research this way:
"US-CERT has become aware of several key management vulnerabilities in the
4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The
impact of exploiting these vulnerabilities includes decryption, packet replay,
TCP connection hijacking, HTTP content injection, and others. Note that as
protocol-level issues, most or all correct implementations of the standard will
be affected. The CERT/CC and the reporting researcher KU Leuven, will be
publicly disclosing these vulnerabilities on 16 October 2017."
https://arstechnica.com/information-...eavesdropping/
https://papers.mathyvanhoef.com/ccs2017.pdf
Comment