Researchers have discovered critical gaps in the WLAN security standard WPA2.
Multiple security gaps in the handshake of the WPA2 protocol threaten the security of WLAN networks. If AES-CCMP is used, packets can be decrypted (which makes it possible, for example, to eavesdrop on TCP SYN packets in order to hijack a connection). If the outdated TKIP protocol is used, the effects are much more serious, as forged packets can also be injected. For clients running Android 6.0 or wpa_supplicant under Linux, the effects are catastrophic, as an all-zero key can be forced on them. Intercepting and manipulating such a client's traffic becomes trivial.
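To illustrate why a reinstalled key lets an eavesdropper decrypt CCMP-protected frames, and why the all-zero key is fatal, here is an added example that is not part of the original report or of the KRACK researchers' code. It models a station's transmit packet number with a SHA-256-based stand-in for the AES-CTR keystream; `Station`, `keystream` and the sample frames are constructed for this illustration only.

```python
import hashlib
from dataclasses import dataclass

def keystream(key: bytes, pn: int, length: int) -> bytes:
    # Stand-in for CCMP's AES-CTR keystream (SHA-256 based, NOT real AES).
    # Like CCMP it is fully determined by (key, packet number); that property is
    # what a key reinstallation turns into a nonce-reuse problem.
    out = b""
    for block in range((length + 31) // 32):
        out += hashlib.sha256(key + pn.to_bytes(6, "big") + block.to_bytes(2, "big")).digest()
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

@dataclass
class Station:
    key: bytes
    pn: int = 0  # transmit packet number, used as the CCMP nonce

    def install_key(self, key: bytes) -> None:
        # Vulnerable behaviour: (re)installing the key resets the packet number,
        # so a retransmitted handshake message 3 makes the station reuse nonces.
        self.key, self.pn = key, 0

    def encrypt(self, plaintext: bytes) -> tuple[int, bytes]:
        self.pn += 1
        return self.pn, xor(plaintext, keystream(self.key, self.pn, len(plaintext)))

def keystream_reuse_leaks_xor(key: bytes = b"K" * 16) -> bool:
    # Two frames encrypted under the same (key, pn) after a reinstall: XORing the
    # ciphertexts yields the XOR of the plaintexts, so confidentiality is gone.
    sta = Station(key)
    sta.install_key(key)
    p1, p2 = b"GET / HTTP/1.1\r\n", b"POST /x HTTP/1.1"  # constructed sample frames
    pn1, c1 = sta.encrypt(p1)
    sta.install_key(key)  # the reinstallation
    pn2, c2 = sta.encrypt(p2)
    return pn1 == pn2 and xor(c1, c2) == xor(p1, p2)

def zero_key_is_readable() -> bool:
    # Android 6.0 / wpa_supplicant case: the client installs an all-zero key, so
    # the frame decrypts under a key that everyone knows.
    sta = Station(b"K" * 16)
    sta.install_key(bytes(16))
    pn, ct = sta.encrypt(b"secret")
    return xor(ct, keystream(bytes(16), pn, len(ct))) == b"secret"
```

A receiver that insists on strictly increasing packet numbers drops the second frame, but that does not restore confidentiality: whoever captured both ciphertexts already has their XOR.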
The vulnerabilities, known as Key Reinstallation Attacks (KRACK), were published at www.krackattacks.com. Heise has a German-language report on the topic.