According to an article from eweek.com, these new vulnerabilities are collectively referred to as “KRACK Attacks,” and were publicly disclosed on Oct. 16.  The KRACK vulnerabilities define new approaches to exploit the way that WPA2 generates a session encryption key.

Researchers have known about this vulnerability for months, but withheld this information to give manufacturers an opportunity to create patches and updates for wireless network and end user devices before this vulnerability was made public.

If you would like to read the entire article – Click Here

Recommended Action:
Simply changing your WPA2 password will not save you.  You will need to check the website of your end user device (phone, computer, smart watch, etc…) manufacturer to download the latest update that addresses this vulnerability.  Keep in mind, not all end user devices manufactures have a fix in place, so you will need to keep checking their website for the patch or firmware update that will close this security gap.

If you have any questions about this vulnerability, reach out to me directly at devon.carter@cartekconsulting.com

Respectfully,

De’Von Carter
CarTek Consulting, LLC
Founder/Managing Member