There is a “serious weaknesses in WPA2, a protocol that secures all modern protected wifi networks,” says Mathy Vanhoef, a postdoctoral researcher in network security at Belgian university KU Leuven, who discovered the weakness during his research.
“An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs),” he added.
This means that information that passes through all modern wifi networks including passwords, emails, banking details, can potentially be stolen by hackers with the knowledge to implement KRACKS, regardless of the network being password protected or open.
Attack
The weakness, says Mr Vanhoef, is not in the particular router, smartphone, or laptop being used; it is inherent in the wifi standard WPA2. Worryingly, he added: “if your device supports wifi, it is most likely affected”.
Mr Vanhoef said that changing the wifi password on a router will do nothing to prevent or mitigate an attack. Security updates, if and when they are issued by device manufacturers, are the only prevention and should be installed as soon as they become available.