The research team behind the discovery of the recently announced WPA2 KRACK vulnerabilities has disclosed a particularly severe variant of the attack that affects all Android devices running version 6.0 and above, around 50% of all active devices according to the Android Developer Dashboard.
Android 6.0 and above, along with many Linux distributions, use a newer version of the wpa_supplicant application that is the vector for this variant of the attack. This version of wpa_supplicant allows an attacker to intercept encrypted wireless traffic without needing to know the WPA2 Pre-Shared Key (PSK) for the network.
This client-based attack exploits a flaw in the "handshake" component of the WPA protocol, which negotiates and confirms the encryption keys used between a client and the wireless network device. This version of wpa_supplicant clears the encryption key from memory once it has been installed the first time; a retransmitted handshake message then causes the client to reinstall the now-cleared key, which allowed the researchers to force an all-zero encryption key into use. Because that key is known, the traffic can be decrypted trivially, and it could include passwords, cookies, or other sensitive data.
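The following model of the supplicant's key-installation logic is an added illustration, not code from the KRACK researchers or from wpa_supplicant itself. It reduces the handshake to the two events that matter here: the first message 3, which triggers installation of the negotiated pairwise key, and a retransmitted message 3, which the client must also process. The sample key is constructed, and the patched branch uses the guard upstream adopted, which refuses to reinstall a key that is already in use.

```python
from typing import List, Optional

KEY_LEN = 16
ALL_ZERO = bytes(KEY_LEN)


class Supplicant:
    """Minimal stand-in for the state wpa_supplicant keeps during the 4-way handshake."""

    def __init__(self, patched: bool):
        self.patched = patched
        self.tk = b""              # pairwise key buffer derived after messages 1 and 2
        self.installed: List[bytes] = []  # every key handed to the driver, in order
        self.tk_installed = False  # patched builds remember that the key was already set

    def derive_tk(self, tk: bytes) -> None:
        self.tk = tk

    def on_message3(self) -> Optional[bytes]:
        """Handle message 3 of the handshake, whether first delivery or a retransmission."""
        if self.patched and self.tk_installed:
            # Fix: the retransmission is acknowledged, but the key is never reinstalled.
            return None
        self.installed.append(self.tk)
        self.tk_installed = True
        # The key is wiped from memory once installed. In the unpatched supplicant the
        # retransmitted message 3 therefore reinstalls what is left in the buffer: all zeros.
        self.tk = ALL_ZERO
        return self.installed[-1]


def run_handshake(patched: bool) -> List[bytes]:
    """Deliver message 3 twice (original plus retransmission); return the installed keys."""
    sup = Supplicant(patched)
    sup.derive_tk(bytes(range(1, KEY_LEN + 1)))  # constructed sample key
    sup.on_message3()
    sup.on_message3()
    return sup.installed


if __name__ == "__main__":
    for patched in (False, True):
        label = "patched" if patched else "vulnerable"
        print(label, [k.hex() for k in run_handshake(patched)])
```

The unpatched run ends with the all-zero key installed; the patched run installs the negotiated key once and ignores the retransmission.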
Microsoft has already announced that it has fixed its variant of the issue in the affected operating systems, and the Lineage OS custom Android ROM code base has been updated with code that makes it more resistant to the exploit. Google is expected to update its currently supported devices with security patches for this vulnerability shortly, but it is unclear what will happen with older, now-unsupported devices and with devices from other manufacturers.
Source: KRACK Attacks via The Verge | Image via uservice_spb (Flickr)