Details have emerged of a major vulnerability that affects basically all modern wi-fi routers.
Modern wi-fi routers use a type of security protocol called WPA2, this was created by the Wi-Fi Alliance to keep strangers from spying on what websites you are visiting.
It now seems that WPA2 is not as secure as once thought. A researcher called Mathy Vanhoef has recently discovered a major flaw in WPA2 which he has called KRACK (Key Reinstallation Attacks). This flaw can allow eavesdropping attacks, ransomware and other malicious code injections.
Vanhoef believes this security flaw can be used to steal sensitive information such as credit card details, passwords and emails to name a few.
The good news is that in order to perform this attack, the attacker needs to be physically close enough to the wi-fi signal to connect to it, and patches are already rolling out for affected devices. This means that KRACK targets can’t be hit from anywhere in the world, unlike some malicious attacks we’ve seen in the past.
It’s believed that any site using HTTPS before the URL are still secure so make sure you try to limit your browsing on wif-fi to HTTPS sites.
For the next few days we recommend staying off public wi-fi, stick to HTTPS sites and install any available patches onto your device.