Belgian researchers have discovered a flaw in a widely used system for securing Wi-Fi communications that could allow hackers to read information that was previously understood to be encrypted, or infect websites with malware, they said on Monday.
Researchers Mathy Vanhoef and Frank Piessens of Belgian university KU Leuven disclosed the bug in the WPA2 protocol, which secures modern Wi-Fi systems used by vendors for wireless communications between mobile phones, laptops and other connected devices with Internet-connected routers or hot spots.
“If your device supports Wi-Fi, it is most likely affected,” they said on a website, www.krackattacks.com, that they set up to provide technical information about the flaw and methods for attacking vulnerable devices.
It was not immediately clear how difficult it would be for hackers to exploit the bug, or if the vulnerability has previously been used to launch any attacks.
The Wi-Fi Alliance, an industry group that represents hundreds of Wi-Fi technology companies, said the issue “could be resolved through a straightforward software update.”
The group said in a statement it had advised members to quickly release patches and recommended that consumers quickly install those security updates.
(Reporting by Jim Finkle in Toronto; editing by Susan Thomas)