In fact, Wi-Fi always carries some risk that can never be reduced to zero.
The vulnerability found is related to Wi-Fi Protected Access 2 (WPA2). It does not allow an attacker to obtain the WPA2 password, but it does allow a man-in-the-middle attack.
The idea is that anyone near the Wi-Fi network could carry out a Key Reinstallation AttaCK (KRACK) and read the data transferred between PCs and the router/access point (a man-in-the-middle attack that reads passwords, emails, sensitive data...).
This kind of attack is particularly effective against Android/Linux, which use wpa_supplicant during the Wi-Fi connection process (but it could be applied to all operating systems/devices as well).
You can take a look at this article, which better explains an example of how to get this result.
These results could be reached using these tools:
Kali Linux, the Aircrack-ng suite for Wi-Fi attacks, the software for removing HTTPS protection called SSLstrip, and Wireshark.
Summarizing the attack procedure steps:
- Using the vulnerability, the attacker creates a fake Wi-Fi network with the same SSID but on a different channel.
- The attacker switches the remote device over to the new fake Wi-Fi network and decrypts all of its traffic, which then travels in clear text.
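A defender-side check for the first step above, as an added example that is not part of the original post: it flags an SSID that appears on more than one channel in a list of scan results. The record format, the sample data and the severity rule (the same BSSID on two channels is treated as the stronger signal, assuming legitimate access points use one BSSID per radio) are assumptions.

```python
from collections import defaultdict

# Constructed sample scan results (not a real capture): (ssid, bssid, channel).
SAMPLE_SCAN = [
    ("HomeNet", "02:00:00:00:00:01", 6),
    ("HomeNet", "02:00:00:00:00:01", 1),   # same BSSID seen on a second channel
    ("Office", "02:00:00:00:00:10", 1),
    ("Office", "02:00:00:00:00:11", 11),   # second AP of one network: usually legitimate
    ("Cafe", "02:00:00:00:00:20", 3),
]


def find_channel_clones(scan):
    """Report every SSID that is advertised on more than one channel.

    severity "high":   one BSSID appears on several channels (assumed to
                       indicate a cloned access point).
    severity "review": different BSSIDs on different channels, which is also
                       what an ordinary multi-AP network looks like.
    """
    channels_by_ssid = defaultdict(set)
    channels_by_ap = defaultdict(set)
    for ssid, bssid, channel in scan:
        bssid = bssid.lower()  # MAC addresses compare case-insensitively
        channels_by_ssid[ssid].add(channel)
        channels_by_ap[(ssid, bssid)].add(channel)

    findings = []
    for ssid, channels in sorted(channels_by_ssid.items()):
        if len(channels) < 2:
            continue  # a single channel gives nothing to compare
        cloned = sorted(
            bssid
            for (name, bssid), seen in channels_by_ap.items()
            if name == ssid and len(seen) > 1
        )
        findings.append({
            "ssid": ssid,
            "channels": sorted(channels),
            "severity": "high" if cloned else "review",
            "cloned_bssids": cloned,
        })
    return findings


if __name__ == "__main__":
    for finding in find_channel_clones(SAMPLE_SCAN):
        print(finding)
```

A clean result does not show that a client is patched; it only shows that no duplicate network was visible at the time of the scan.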
To solve the issue you should:
1. Upgrade the router/access point firmware
2. Upgrade the operating systems of PCs/mobile devices (more urgently)
This Python script is available to check whether your devices are vulnerable: