A team of Belgian researchers has discovered the vulnerability, which allows attackers to eavesdrop Wi-Fi traffic passing between computers and access points, reports ArsTechnica . The exploit is known as KRACK, or Key Reinstallation Attacks. KRACK reportedly hijacks data being sent over the network by interrupting the third step in a four-way “handshake” that creates a key for encrypted data. The United States Computer Emergency Readiness Team recently contacted about 100 organizations ahead of the official announcement of the vulnerability. In the note they said:

US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.

Needless to say, the WPA2 security protocol KRACK vulnerability could have far-reaching consequences for virtually everyone on the planet that uses a Wi-Fi connection. Right now, the good news is that there are no reported cases of hackers using the KRACK vulnerability to access a user’s data. Hopefully the WPA2 security protocol issue can quickly be addressed before any damage is done.