LEUVEN, Belgium—A Belgian security researcher has discovered a "serious weakness" in the WPA2 security protocols used to encrypt many WiFi communications, according to a new report.
Security researcher Mathy Vanhoef at Belgium's KU Leuven University warns that attackers can exploit the flaws to eavesdrop as well as potentially inject code such as malware or ransomware into WiFi-connected system, Bank Info Security reported.
Vanhoef has launched a website, krackattacks.com to describe the vulnerabilities in Wi-Fi Protected Access 2, or WPA2. He says the flaws "can be exploited using a so-called key reinstallation attack - or KRACK - which refers to replacing an in-use key with an attacker-created one," Bank Info Security reported.
Most WiFi networks that use WPA2, including personal and enterprise WPA2 networks, appear to be vulnerable. Successful exploits allow an attacker to gain man-in-the-middle access to communications and potentially inject malicious data, including malware or ransomware, Vanhoef said in the Bank Info Security report.
"Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted," Vanhoef said. "This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos and so on. The attack works against all modern protected Wi-Fi networks."