This website presents the Key Reinstallation Attack (KRACK). It breaks the WPA2 protocol by forcing nonce reuse in encryption algorithms used by Wi-Fi.
The Tumblr app itself isn’t affected, but this news about KRACK is definitely something to watch. Keep an eye out for vendor patches for this and update as soon as a stable one’s available.
Synopsis:
The KRACK attack, detailed in the paper Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 by Mathy Vanhoef is a flaw in the WPA2 4-way handshake that affects most implementations and, per the paper, every Wi-Fi device is vulnerable to some variant of the attack.
The flaw allows the attacker to force the victim into reinstalling an already-used key which, pending the specific handshake, the impact ranges between packet decryption, replays, forgery and injection.
It does have to be noted that even when the key is reinstalled, the attacker still needs to break the keystream to be able to successfully decrypt the packets. However, packet-level cryptanalysis is not considered difficult and can be done both manually or automated.
Related Links:
https://www.krackattacks.com/
Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2
CVE-2017-13077
CVE-2017-13078
CVE-2017-13079
CVE-2017-13080
CVE-2017-13081
CVE-2017-13082
CVE-2017-13084
CVE-2017-13086
CVE-2017-13087
CVE-2017-13088
