A new vulnerability has been found in off the shelf routers including  such as Netgear and Linksys. The bug is present in WPA2’s cryptographic code and can be utilized to trick a connected party into reinstalling a key which is already in use. While the code is meant to prevent replay attacks, in this case, attackers are then given the opportunity to replay, decrypt, or forge packets.

In general, Windows and newer versions of iOS are unaffected, but the bug can have a serious impact on Android 6.0 Marshmallow and newer.

The attack could also be troublesome for IoT devices, as vendors often fail to implement acceptable security standards or update systems in the supply chain, which has already led to millions of vulnerable and unpatched IoT devices being exposed for use by botnets and hackers.

The vulnerability does not mean the world of WPA2 is completely useless, but it is up to vendors to mitigate the issues this may cause.

The would be perpetrator would need to be within WI-FI range of your network to gain access. It is not something as of yet whcich can be accessed via the internet from half-way around the world.

 

RECOMMENDATION – Patch / Update your routers.