Recent work published by Mathy Vanhoef has exposed a weakness in the WPA2 protocol. WPA2 has been in existence for around 15 years, which now seems ironic as it was originally created due a severe weakness in the former WEP protocol.
This has led to some panic in the industry around the world, as well as for home users, as vendors rush to release patches for their products that implement the WPA2 protocol. The Wi-Fi alliance have already released a vulnerability testing tool to help any Wi-Fi Alliance member to test their product. Larger vendors such as Google and Intel are already working on a fix, while Microsoft has already released a patch to its customer base last Tuesday.
In short, the vulnerability that exists is due to the 4-way handshake. When a fresh encryption key is requested, typically when a client joins a WPA2 protected network, the 4-way handshake is triggered. When the third message as part of the 4-way handshake is received, the encryption key is installed. The weakness exists whereby an attacker can effectively act as a person-in-the-middle by replaying the third message of the 4-way handshake. This results in typical WPA2 encrypted packets become visible in effectively plain text, allowing further attacks such as snooping, replay attacks and forged packets to be sent.
While it may take some weeks for many vendors to release fixes for their products, the real question that remains to be seen is how fast will organised crime and nation state-sponsored attack groups take full advantage of this by creating a working exploit for this in the interim.
And that is assuming that the bad actors out there aren’t already taking full advantage of this, seeing that the research paper was submitted for review back on 19 May 2017. My recommendation would be to take extra caution when connecting to any WPA2 network, and preferably, use a VPN service to add an extra layer of security.
We are not in a position to determine if this vulnerability has been (or is being) actively exploited in the wild