The United States Computer Emergency Readiness Team has issued a vulnerability note for a major hole affecting the Wi-Fi Protected Access 2 standard that password-protects networks around the world.

The exploit was first publicized by Mathy Vanhoef of the Katholieke Universiteit Leuven in Belgium. It affects a four-party verification process where the user client connects to the access point, the client and the access point synchronize network credentials and then create and share a unqiue encryption key to protect the contents of web traffic.

The fault lies in the setting of encryption key. Hackers can intercept the process and manipulate it so that one pre-set key can be installed over and over again and that the packets of data, from banking info to information about many accounts, can be siphoned, easily decrypted and divulged. Forged packets can also be inserted into traffic, causing the installation of malware.

The Wi-Fi network password is completely irrelevant to this exploit.

Linux-based systems’ clients are especially vulnerable as an all-zero key can be planted. Android devices with version 6.0 or later have this client as well. However, traffic from Windows, iOS and macOS systems will still have plenty of penetration.

Vanhoef first published his whitepaper in May and began notifying manufacturers in July. CERT sent a notification to vendors in late August. And you can bet that all parties of good faith are working towards a patch.

Until then, check the website of your router’s manufacturer and see if there’s a firmware update you can send along. Bypass Wi-Fi by using your cell service or a walled Ethernet connection. Consider using a VPN full-time if you must use Wi-Fi. And, most importantly, don’t panic.

You May Also Like

Motorola Edge+ renders leak, confirm 108MP camera

Earlier today, and yesterday, we’ve seen leaks of the upcoming Motorola Edge, and now Evan Blass is bringing us the Motorola Edge+

vivo S6 5G design confirmed by promo images, online listing

The vivo S6 5G, which will sport dual-selfie-cameras, has popped up in the promo images you see below, showing off the quad-camera setup.

Samsung brings Galaxy S20’s camera features to Galaxy S10 and Galaxy Note 10

The update also brings the Quick Share feature for file transfer, alongside the Gallery app’s new Clean View and Quick Crop tools to Galaxy S10 and Note 10.