Security researchers have uncovered a new vulnerability in the Wi-Fi encryption standard that could give attackers a way to eavesdrop on data transmitted from a device to a wireless access point over a Wi-Fi network. According to the researchers from DistriNet Research Group, the vulnerability affects Linux-based and Android devices for the most part, with the research suggesting that 41 percent of devices running the Android operating system, or handsets with Android 6.0 Marshmallow and above, are likely to contain the Wi-Fi encryption vulnerability.
The Wi-Fi vulnerability in question can make it easy for attackers to alter Wi-Fi traffic or introduce malware into the traffic transmitted from Android and Linux devices. That is because attackers do not need to hack the Wi-Fi network password. Instead, they can carry out the attack against devices within range. More specifically, the possible actions attackers might be able to perform during the attack include loading ransomware into a website. Ransomware is a form of cyber attack that locks victims out of their own device until they pay for the decryption key to recover their machine and files. Once an attack is carried out, some of your personal information, such as emails, passwords, credit card numbers and photos, can be compromised as a result of the traffic interception. For its part, Google says the vulnerability has come to its attention and that it is working on a fix, which will be rolled out to all potentially affected devices over the next few weeks.
It is worth pointing out that the vulnerability affects the 4-way handshake of the WPA2 (Wi-Fi Protected Access 2) encryption protocol for securing wireless computer networks. That means the flaw is not specific to individual products and implementations. The researchers explain that some of the attacks can be used against even modern Wi-Fi networks that use the WPA or WPA2 protocol. Moreover, keep in mind that the vulnerability involves the Wi-Fi standard, which means that it compromises not only Android and Linux devices, but also machines running the macOS, Windows and iOS operating systems. Nevertheless, security updates for the affected products are expected to be rolled out soon, and users are encouraged to download the update immediately to prevent the attack.