Operating systems such as Google’s Android, Apple’s iOS, and Microsoft’s Windows could all be affected.
The security layer that protects Wi-Fi networks has been cracked by hackers, potentially allowing them to listen to your communications on devices connected to the internet, research published Monday revealed.
WPA2 is a security protocol that protects modern Wi-Fi networks. Hackers have found a way to manipulate the cryptographic elements behind the security, according to Mathy Vanhoef of KU Leuven, a university in Belgium.
The issue is with the security standard itself rather than individual devices, but it can affect those devices that are connected to a Wi-Fi network.
Vanhoef found that operating systems such as Google’s Android, Apple’s iOS, and Microsoft’s Windows could all be affected.
The WPA2 protocol works using a so-called “four-way handshake.” The initial part of the handshake takes place when a user puts in the correct password to access a Wi-Fi network. The next step is when a new encryption key is generated to encrypt subsequent traffic.
Hackers are able to manipulate this process through what is known as a key reinstallation attack (KRACK).
“This is achieved by manipulating and replaying cryptographic handshake messages,” the researchers wrote.
The research paper does, however, state that an attacker must be within range of a victim.
Any device connected to a Wi-Fi network could be affected. But the researchers said that the flaw could be “catastrophic” against a certain version of Linux, and “exceptionally devastating” to devices running Android 6.0 and above. Half of the Android devices in circulation are running this version, according to data from Google.
Vanhoef said that he is not sure if this flaw is being exploited currently.
The researcher said vendors of products that were affected were notified around 14 July. Vanhoef then disclosed the vulnerability to the United States Computer Emergency Readiness Team (CERT), which sent out a notification to vendors on August 28.
Vanhoef said there is no need to change your Wi-Fi password. Instead, it’s important to make sure all devices and the firmware of your router are updated.
The researcher also said that people should continue using the WPA2 protocol.