So-called Krack attacks could cause significant problems across the internet.
Researchers have uncovered a potentially devastating security flaw in the WPA2 Wi-Fi encryption protocol. Hackers could use the vulnerability to intercept passwords, credit card numbers, and other sensitive information.
According to KU Leuven University’s Mathy Vanhoef and Frank Piessens, these flaws, called Key Reinstallation Attacks or Krack Attacks, are in the WiFi standard and not specific products. Therefore, any router, smartphone, or PC could be impacted.
The team who found the attack say those using Linux and Android 6.0 or later could be most affected (“exceptionally devastating”) although anyone using Wi-Fi should be concerned.
To prevent the attack, users must update affected products as soon as security updates become available. Note that if your device supports Wi-Fi, it is most likely affected. During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks. For more information about specific products, consult the database of CERT/CC, or contact your vendor.
We’ll continue to follow this story and update this post as warranted. In the meantime, be on the lookout for security updates for your Wi-Fi routers.