The vulnerability is in the WPA2 protocol used to protect home and institutional wireless networks.
Researchers have discovered a serious loophole in the wpa2 protocol, a common security protocol used to protect home and enterprise wireless networks, allowing hackers to intercept traffic between computers and wireless network points.
The researchers called the gap "KRACK," an acronym for "Key Reinstallation Attack," and more details of the breach are expected to be released today at the krackattacks.com website before it will be officially released on November 1, in a security conference in Dallas.
Because of the gravity of the breach, it has become secret and fraught with security weeks ago for fear that the details leaked to cyber criminals and hackers before finding a suitable solution to security vulnerabilities.
According to a researcher who has been briefed on the vulnerability, it is working by exploiting the so-called four-way handshake system used to create keys to encrypt traffic. In one step the key can be sent several times, and when sent in certain ways, encryption can be used in a way that completely undermines it.
The United States Computer Emergency Readiness Team issued a warning saying that the impact of exploiting these vulnerabilities includes decoding, hijacking TCP connections, injecting content in HTTP, and repeated data transfer attacks or delayed for malicious purposes, and all applications of this protocol will be affected by the vulnerability.
Ars Technica, one of the researchers, said Aruba and Ubiquitoy, which sell wireless access points to large companies and government organizations, already have updates available to patch or reduce the vulnerability.
According to the site, it is unlikely to correct the vast majority of access points quickly, and perhaps some may not be corrected at all.