The United States Computer Emergency Readiness Team has issued a vulnerability note for a major hole affecting the Wi-Fi Protected Access 2 standard that password-protects networks around the world.

The exploit was first publicized by Mathy Vanhoef of the Katholieke Universiteit Leuven in Belgium. It affects a four-party verification process where the user client connects to the access point, the client and the access point synchronize network credentials and then create and share a unqiue encryption key to protect the contents of web traffic.

The fault lies in the setting of encryption key. Hackers can intercept the process and manipulate it so that one pre-set key can be installed over and over again and that the packets of data, from banking info to information about many accounts, can be siphoned, easily decrypted and divulged. Forged packets can also be inserted into traffic, causing the installation of malware.

The Wi-Fi network password is completely irrelevant to this exploit.

Linux-based systems’ clients are especially vulnerable as an all-zero key can be planted. Android devices with version 6.0 or later have this client as well. However, traffic from Windows, iOS and macOS systems will still have plenty of penetration.

Vanhoef first published his whitepaper in May and began notifying manufacturers in July. CERT sent a notification to vendors in late August. And you can bet that all parties of good faith are working towards a patch.

Until then, check the website of your router’s manufacturer and see if there’s a firmware update you can send along. Bypass Wi-Fi by using your cell service or a walled Ethernet connection. Consider using a VPN full-time if you must use Wi-Fi. And, most importantly, don’t panic.

You May Also Like

Possible codenames and processors of Google Pixel 4a devices have emerged

We have the possible codenames and processors that may arrive in the upcoming Google Pixel 4a series, and maybe more Pixel devices

Samsung Galaxy S20 Ultra to arrive with a 40MP selfie camera?

Samsung Galaxy S20 Ultra may get the largest sensor ever found in a selfie camera, and 10x zoom capabilities in the S20 and S20+ is questionable

Facebook has stopped plans to insert ads into WhatsApp, for now

According to a new report, Facebook plans for integrating ads into WhatsApp may be on hold, at least for a while