The HOTnew trend is to name the vulnerability that was found with a cool catchy name (CVE’s just don’t cut it anymore), this one holds the name “KRACK”. Other notable vulnerabilities that were named other than this one being Heartbleed, Badlock and ImageTragick.
The embargo on this vulnerability broke at 6AM EST, 10/16/2017 and the following eruption and hype up this this point was very interesting. The technicality of this attack lies in the 4 way handshake in authentication with WPA2 and the mechanism is described much better than I would be able to describe in the sources listed at the bottom.
The implications and proposed fixes here are what are interesting. In the paper countermeasures are listed as mitigation of the key installation attacks and changing the way the Pairwise Transient Keys (PTK) is negotiated. The questioning of the 802.11 standards ambiguity continues in part 6.6 of Discussion as well as the way proofs work theoretically and in practice and whether or not these differ. Finally the fact that nonce recuse is present in GCMP and not CCMP and can be mitigated by the use of a nonce misuse-resistant encryption scheme would reduce the total impact. This is all the information from the paper however, I stumbled upon a Github Repo that is a bit dated at the time of writing that addresses other inherent security flaws that are how WPA2 networks were previously compromised in what is called “Call for WPA3 – what’s wrong with WPA2 security and how to fix it”.
Wireless communication isn’t going away and I believe that rolling the call for WPA3 in the form of a restructure of how WPA works as well as questioning the way the 802.11 standard is built are overall beneficial in making wireless networking as secure as possible. The other interesting takeaway is the idea that the way that the general gap between the way things work theoretically or from a design perspective vs actually in a environment is something that academia and practitioners will not soon get away from.
Sources:
CVE
Bleeping Computer Article
Hip Website
PDF Writeup