It works like this: A hacker finds a vulnerable WPA2 network, and then makes an exact copy of it, including impersonating the MAC address. This clone then serves as a “man in the middle” allowing the hacker who controls it to intercept everything passing through it.
WPA2 encryption requires a unique key to encrypt each block of plain text, but because Krack attacks make a copy that’s indistinguishable from the original, they’re able to use the same encryption key.
As bad as that is, it gets worse for Android and Linux users. Thanks to a bug in the WPA2 standard, these devices don’t force the client to demand a unique encryption key with each use. Instead, they allow the key to be “zeroed out,” literally creating an encryption key containing all zeroes, which interferes with a key part of the handshake process.In addition to that, hackers can deploy specialized scripts that can cause the connection to bypass HTTPS, which leaves passwords and other normally protected data exposed.
If there’s a silver lining, it is that the attack can’t be used to target routers directly, but honestly, that’s not much of a silver lining, because the potential damage this new vector could cause is virtually without limit.
Unfortunately, until a patch is released, there’s not much you can do, short of turning off WiFi altogether. This may work for smartphone users, but it is simply impractical for routers.
There’s some good news, though. The fix should be relatively easy to implement, although no ETA has been given at this point. The Verge says, “Microsoft is currently deploying a Windows patch, and Apple says that a patch for the bug is currently deployed in the beta versions of iOS, macOS, watchOS and tvOS. (The patch is expected to go public in the coming weeks.) Android phones will probably be the hardest to patch: the ecosystem is notoriously slow to deploy patches, and because of a specific implementation issue, more than a third of Android phones are vulnerable to a simpler form of the attack. Google has promised to deploy an Android patch in the coming weeks, but it may be some time before that patch will reach non-Pixel devices.”
wired reports, “There’s some good news: Most current versions of iOS and Windows aren’t vulnerable, or are only vulnerable in one niche circumstance, because of the way Apple and Microsoft implemented the WPA2 standard to prevent resends of the third handshake message. But the millions and millions of impacted devices will present a challenge to fix.”