There is a severe flaw in the encryption protocols used by wireless networks that could let attackers hijack traffic, inject malware, and even steal passwords. The flaw, known as KRACK, for Key Reinstallation Attack, affects every computing platform publicly available today: Windows, Mac, iOS, Linux, and Android.
“The attack works against all modern protected Wi-Fi networks,” Vanhoef wrote on the “official” KRACK attack site. “To prevent the attack, users must update affected products as soon as security updates become available. Note that if your device supports Wi-Fi, it is most likely affected.”
The good news is that the attack does not work over the internet. The attacker or malicious actor needs to be within the range of the wireless network. This means airports, hotels, and other public wireless networks become extremely high-risk areas for dealing with important or sensitive data.
What do you do?
The first step is to ensure that your home wireless equipment, phones, and computers are running up-to-date software to minimise the risk of an attack. Once you have updates in place, then you’re free to use wireless anywhere. Unfortunately, you will need to avoid using most free and public wireless networks to remain secure until you do patch your client devices.
Android uses encryption to transfer data, so there is not much danger in using an Android device, even on unpatched networks. For example, even if someone hijacks the session of your Android device on the wireless network, the traffic from your phone to Google’s servers will be encrypted.