The vulnerability is in WPA2, the main protocol that protects Wi-Fi networks. Hackers can use a technique known as key reinstallation attacks, or Krack for short, to intercept information sent over networks that users thought were encrypted, the researcher says.
"Nobody has ever found this vulnerability," said Matthew Green, assistant professor of computer science at Johns Hopkins University. “It’s pretty serious.”
Who does this affect?
WPA2 is the “industry standard” and has been heavily relied upon as the “best level of protection for your information,” said Emma Garrison-Alexander, vice dean for cybersecurity and information assurance in the graduate school at the University of Maryland University College.
“It’s really the fundamental way our wireless communication is protected today,” she said.
Mathy Vanhoef, the researcher who discovered the protocol vulnerability, said on his website that any device that uses Wi-Fi is probably vulnerable. That means a router, a phone, a laptop, a smart TV or even a Wi-Fi enabled refrigerator that uses WPA2 protocol could be susceptible.
Vanhoef said the attack works against all modern protected Wi-Fi networks, and that his team found during its research that systems powered by Android, Apple, Windows, Linux and others were all affected by “some variant” of the attacks.
Timely, incisive articles delivered directly to your inbox.