As we are living the "fallout" from the recently disclosed KRACK (Key Reinstallation AttaCK) vulnerabilities, I would like to know if anyone has any additional information or insights about it and also what Check Point has to say about it...
KRACK is an attack that targets the WPA2 (Wi-Fi Security Protocol) 4-way handshake and allows the attacker to do many nasty things like MITM, SSL strip, inject malicious data into communications, etc. The big issue here is that almost every implementation of WPA2 is affected, so all(most) of our Wi-Fi enabled devices (including our loved IoT) are at risk.
Details about the KRACK (official website):
KRACK Attacks: Breaking WPA2
KRACK Attacks: Bypassing WPA2 against Android and Linux - YouTube
Any additional thoughts here are welcome, including advisories about mitigations and what to do.