The Threat
Researchers have discovered a flaw that exploits the 4way handshake used by WPA and WPA2. Attackers can reset the encryption key used, allowing them the ability to decrypt some traffic, perform TCP hijacking and perform HTTP injection on vulnerable devices.

On Android 6.0+ and Linux devices all non-HTTPS traffic can be decrypted. Due to skill and proximity barriers, eSentire does not consider this to be an immediate threat. Researchers have stated that they will release proof-of-concept code at "a later date". Therefore, we highly recommend the deployment of patches as they’re released.

Recommended Action
eSentire highly recommends evaluating and deploying patches as they become available from vendors.

Additional Information

eSentire Media Contacts

Mandy Bachus | eSentire | [email protected] | +1 519.651.2200 x5226 | @MandyBachus

Angela Tuzzo | MRB Public Relations | [email protected] | +1 732.758.1100 x105 | @MRB_PR

Ready to start the conversation about cybersecurity?

Let's Talk