Cyber security experts have found a vulnerability in wifi which means hackers could listen in on communications between your devices and your router, according to reports.
The vulnerability is around wifi protected access II protocol, or WPA2, a way of protecting wifi networks using a method of encryption known as pre-shared key (PSK) authentication.
Technology site Ars Technica said the researchers who found the vulnerability will reveal later how they did it, but it is thought to be associated with the so-called four-way handshake which is used to encrypt traffic between a device (ie. your smartphone or laptop) and the router.
Before communications are sent via a wifi connection, the four-way handshake ensures the connection is secure via confirmation steps known as handshakes. It is thought the researchers have found a way to substitute one of those steps using a message which breaks the encoding entirely.
The researchers are preparing a proof-of-concept exploit which they are expected demonstrate later today through website krackattacks.com, said Ars Technica. They have dubbed it Krack, short for "Key Reinstallation Attacks".
US-Cert, the US' Computer Emergency Readiness Team, issued this warning, according to The Verge:
US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.
The vulnerabilities are expected to be revealed at 8am East Coast time; 1pm in the UK. Hold tight.