Shortly after we published our show last week, researchers revealed information about a fundamental flaw in the WPA2 security protocol. This technology is almost certainly the technology that you use to protect your Wi-Fi at home and at work. The vulnerability allows an attacker to decrypt data sent from your device to your router without needing to know your WPA2 security key. Researcher Mathy Vanhoef wrote about the topic,
This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.
Since this problem exists in the standard itself, it means that every device that supports WPA2, which is almost every Wi-Fi capable device, is vulnerable without patching. Affected parties were informed about the exploit weeks before the information was made available publicly. This allowed companies to produce patches to eliminate the exploit.
Apple has a fix in beta for all of their platforms, while Cisco and Netgear have released patches, and Windows devices were already not affected. Linux and Android are the most likely to be issues in the long-run, however, as the open source system they use has an even larger issue, allowing for a complete reset of the WPA2 key.