Date: 2017-10-19

“Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted,” wrote the researchers from Katholieke Universiteit Leuven. “This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on.”

The attack exploits a flaw in how the WPA2 Wi-Fi encryption system is typically implemented. It essentially tricks devices into reusing what are meant to be one-time encryption settings across multiple messages, making it possible for attackers to decode them.
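To show why reusing one-time encryption settings is so damaging, here is an added example (not from the article or the researchers) that uses a toy stream cipher built from SHA-256 as a stand-in for Wi-Fi encryption. The key, messages and function names are constructed for illustration.

```python
import hashlib
from collections import defaultdict

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream(key: bytes, nonce: int, length: int) -> bytes:
    # Toy keystream: SHA-256(key || nonce || block counter). An assumption for
    # illustration only, not the cipher Wi-Fi actually uses.
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]

def encrypt(key: bytes, nonce: int, plaintext: bytes) -> bytes:
    return xor(plaintext, keystream(key, nonce, len(plaintext)))

def reused_nonces(frames):
    # Defender's check: group (nonce, ciphertext) frames, keep nonces seen more than once.
    seen = defaultdict(list)
    for nonce, ciphertext in frames:
        seen[nonce].append(ciphertext)
    return {n: cts for n, cts in seen.items() if len(cts) > 1}

def read_other(ct_known: bytes, known_plaintext: bytes, ct_other: bytes) -> bytes:
    # If both frames share a keystream, one guessable message exposes the other.
    return xor(ct_other, xor(ct_known, known_plaintext))

# Constructed sample data (hypothetical key and messages of equal length).
KEY = b"constructed-session-key"
MSG_A = b"GET /index.html HTTP/1.1"
MSG_B = b"password=correct-horse!!"

def send_two(reuse: bool):
    # reuse=True models the flaw: both messages go out under the same nonce.
    nonces = (1, 1) if reuse else (1, 2)
    return [(nonces[0], encrypt(KEY, nonces[0], MSG_A)),
            (nonces[1], encrypt(KEY, nonces[1], MSG_B))]

if __name__ == "__main__":
    for reuse in (True, False):
        frames = send_two(reuse)
        print("reuse" if reuse else "fresh", sorted(reused_nonces(frames)),
              read_other(frames[0][1], MSG_A, frames[1][1]))
```

With a repeated nonce the second message is readable without the key; with fresh nonces the same calculation yields only noise, which is why the settings must never repeat.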

Computers and phones running iOS, Android, Windows, and Linux, as well as Wi-Fi hardware from companies including Cisco and Ubiquiti Networks, are all affected by the issue. Many of those companies have already begun issuing security patches, and experts are urging customers to keep their devices up to date. New devices seeking certification by the Wi-Fi Alliance will be tested for the vulnerability, the industry group said.

But until those security fixes are fully deployed, how much of a risk is Krack to everyday consumers and businesses? Experts who spoke to Fast Company generally said not to worry too much about data being sent to most apps and websites, which nowadays tend to deploy their own encryption for anything personal or confidential.

“For most people, just making sure you patch your devices when you can is probably the right answer,” says Nikita Borisov, a professor at the University of Illinois at Urbana-Champaign known for his role in finding security flaws in earlier Wi-Fi systems.

Temporarily switching away from Wi-Fi to wired Ethernet or cellular connections is probably overkill for most users, he says.