Hackers can intercept unencrypted (non-HTTPS) traffic or compromise your computer by slipping malware into legitimate websites. Researchers have discovered and published a flaw in WPA2 that allows anyone to break this security model and steal data flowing between your wireless device and the targeted Wi-Fi network, such as passwords, chat messages and photos.
Vulnerabilities in WPA2, a protocol used by almost all modern Wi-Fi devices, leave all Wi-Fi devices at risk of being snooped upon, a security researcher revealed on Monday.
Most modern Wi-Fi networks have their traffic encrypted by a protocol known as WPA or WPA-2, which has existed since 2003 and until now has never been broken.
However, it is not all bad news.
KRACK requires the hacker to be in range of a target's Wi-Fi, so it can't be done remotely. WPA2 secures the Wi-Fi connection between a router and a computer.
"This issue can be resolved through straightforward software updates, and the Wi-Fi industry, including major platform providers, has already started deploying patches to Wi-Fi users", the Wi-Fi Alliance wrote in a statement about KRACK. Microsoft has said that it patched the vulnerability on October 10 to protect Windows devices from the security flaw. There is still no specific information on Android phones; given the fragmentation in that space, a lot will depend on how quickly phone makers want to roll out the updates. In the meantime, treat every Wi-Fi connection like it's the public network at Starbucks. They have advised Wi-Fi users to contact their vendors for updates.
Even if you were bored enough to actually click on the More info button, you would have had to be REALLY bored to spot the vague mention of a wireless security update in the last bullet item of the knowledge base article. You also don't need to change your Wi-Fi passwords, since this security flaw doesn't allow hackers to access that information.
While the KRACK Wi-Fi exploit has left billions of devices vulnerable, Windows users with automatic updates enabled can rest easy. For instance, if your home security camera is sending unencrypted data over the Wi-Fi network to your phone or tablet, hackers too can get access to that unedited footage.