A critical vulnerability was identified in Wi-Fi Protected Access II (WPA2) protocol. This protocol is used for data encryption in the majority of wireless Internet connections. The vulnerability allows malefactors to track the traffic between laptops, tablets, smartphones and other mobile devices and the access point.

The vulnerability got a code name KRACK (Key Reinstallation Attack). It was detected during a closed investigation a few weeks ago. The results were published the morning after. The protocol uses 4-way “handshake” to establish the encryption, during the third step the encryption key can be detected and reused multiple times. The malefactor will be able to decrypt and intercept your data, as well as insert desirable HTTP content (for example, they can send you a fake login page to intercept your login details).

Few big participants in this industry as Ubiquity and Aruba have released patches for their devices. However, the leading majority still stay defenceless. Moreover, even if the manufacturer releases the patch it is up to the user to patch the equipment. So you can expect that a lot of communal areas, hotels, pubs, libraries, etc. won’t get any updates for a while.

Those people who are concerned with the privacy of their data should avoid connecting to any public Internet access points, or a the very least use additional encryption such as HTTPS or VPN. If you are a business in London refer to your IT support to patch the access points.