Bad news for WiFi users: A security expert has found that all WiFi networks are vulnerable to hacking thanks to a weakness in the wireless security protocol WPA2. WPA2 is used to protect most WiFi connections, and the fact that it's broken means attackers may be able to "read information that was previously assumed to be safely encrypted," per Mathy Vanhoef's report published Monday. "This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos and so on." The report says such an attack would work "against all modern protected WiFi networks" on operating systems including Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and more, the Guardian reports. Google says it is working on a patch, and Microsoft says it's already released a security update to fix the issue.
Attackers may also be able to use the vulnerability, which is being called Krack (Key Reinstallation AttaCK), to "inject and manipulate data," such as by infecting a website with ransomware or other malware, the report says. The United States Computer Emergency Readiness Team issued a warning about Krack Sunday, and Britain's National Cyber Security Centre says it is investigating the weakness. It's particularly significant given that WPA2 is the most secure protocol generally being used to encrypt WiFi networks, rather than an older security protocol. The bottom line: "If your device supports WiFi, it is most likely affected." Another expert says home users need not be too worried, as the attack is "quite ... complex ... to carry out in practice," but that they should update their software whenever an update becomes available. The Consumerist, which notes that "basically every device on earth" is affected, says users should also install security updates on any connected devices as soon as prompted.