The Threat
Researchers have discovered a flaw that exploits the 4way handshake used by WPA and WPA2. Attackers can reset the encryption key used, allowing them the ability to decrypt some traffic, perform TCP hijacking and perform HTTP injection on vulnerable devices.

On Android 6.0+ and Linux devices all non-HTTPS traffic can be decrypted. Due to skill and proximity barriers, eSentire does not consider this to be an immediate threat. Researchers have stated that they will release proof-of-concept code at "a later date". Therefore, we highly recommend the deployment of patches as they’re released.

Recommended Action
eSentire highly recommends evaluating and deploying patches as they become available from vendors.

Additional Information

eSentire Media Contact

Rebecca Freiburger | eSentire | [email protected] | +1 226-924-4679

Ready to start the conversation about cybersecurity?

Let's Talk