The seriousness of KRACK and the threat posed by Wi-Fi vulnerabilities to IoT-enabled devices should not be underestimated, say experts.
This week, the headlines have been full of KRACK, ever since security researchers revealed on Monday the existence of several major security vulnerabilities that could be exploited to steal sensitive information from devices connected to a wireless network.
These exploits are known as Key Reinstallation Attacks – hence the term KRACK – and they affect the WPA2 protocol that is the current industry standard for encrypting traffic on Wi-Fi networks. In other words, a skilled hacker could intercept and manipulate the traffic flowing between a connected device and the web.
The only good news in this whole mess seems to be that the attacker needs some physical proximity to the device itself in order to succeed in this kind of attack. At the very least, that vastly reduces the possibility that KRACK could be used to create botnets.
Source: Analysis: Researchers reveal KRACK in the IoT | Internet of Business