A major wi-fi security flaw could allow hackers to intercept encrypted data

Hackers have cracked the security layer that protects Wi-Fi networks, potentially allowing them to intercept encrypted data or infect websites with malware. According to Mathy Vanhoef of KU Leuven, a university in Belgium, it affects the WPA2, a security protocol that protects modern Wi-Fi networks. The WPA2 protocol works using a so-called “four-way handshake.” The initial part of the handshake takes place when a user puts in the correct password to access a Wi-Fi network. The next step is when a new encryption key is generated to encrypt subsequent traffic. Hackers are able to manipulate this process through what is known as a key reinstallation attack (KRACK). Vanhoef found that operating systems such as Google’s Android, Apple’s iOS and Microsoft’s Windows could all be affected. The U.S. Department of Homeland Security has recommended installing vendor updates on affected products, such as routers provided by Cisco Systems or Juniper Networks. Any device connected to a Wi-Fi network could be affected, but it only works if the attacker is within range of a victim. But the researchers say it could be “catastrophic” to a certain version of Linux and “exceptionally devastating” to devices running Android 6.0 and above. Vanhoef said that he is not sure if this flaw is being exploited currently.