WPA2 WiFi encryption compromised in KRACK crack
US researchers confirm exploit that can hack any WPA2 wireless network
The Wi-Fi Protected Access II (WPA2) protocol that protects almost all WiFi networks has been cracked, potentially compromising every home or business router, iPhones, Android smartphones, Windows and Linux operating systems - anything that relies on, or uses, WiFi.
A team led by the US government will provide full details later today, but have already confirmed that an exploit they call 'KRACK' - short for Key Reinstallation Attacks - is able to break the encryption layer.
The US Computer Emergency Readiness Team (US-CERT) has confirmed the seriousness of the exploit.
At this stage, it's not clear how easy it is for a hacker to use KRACK, and so the scale of the problem is still somewhat up in the air. However, it does evoke a renewed threat of 'war driving' from the early days of WiFi networking.
And when WPA1 was cracked back in 2009, it took a minute to execute the attack and to access the data.
The full warning, at the moment, reads: "US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol.
"The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others.
"Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017."
In other words, this is as bad as it gets. It has the potential to be Heartbleed on steroids (or on KRACK, if you insist) and there's pretty much nothing any of us can do about it at the moment.
Full details (and therefore how much we should worry) will appear later at krackattacks.com, before a formal presentation of the researchers' findings in a talk called "Key Reinstallation Attacks: Forcing Nonce Re-use in WPA2" at the ACM Conference on Computer and Communications Security in Dallas on 1 November.