This appears to be somewhat serious; it will probably require people
to reflash the firmware in some or all of their wireless devices when
fixes become available. How one reflashes IoT devices is problematic.
- Brian
From ARSTechnica:
"The proof-of-concept exploit is called KRACK, short for Key
Reinstallation Attacks. The research has been a closely guarded
secret for weeks ahead of a coordinated disclosure that's scheduled
for 8 a.m. Monday, east coast time. An advisory the US CERT recently
distributed to about 100 organizations described the research this way:
"US-CERT has become aware of several key management vulnerabilities in
the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security
protocol. The impact of exploiting these vulnerabilities includes
decryption, packet replay, TCP connection hijacking, HTTP content
injection, and others. Note that as protocol-level issues, most or all
correct implementations of the standard will be affected. The CERT/CC
and the reporting researcher KU Leuven, will be publicly disclosing
these vulnerabilities on 16 October 2017."
https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-…