KU Leuven said its researchers have discovered weaknesses in a protocol that secures all protected Wi-Fi networks. If exploited by attackers, credit card information, passwords and more could be stolen.
According to KU Leuven, whenever someone joins a Wi-Fi network, a “four-way handshake” is executed to produce a fresh encryption key for all subsequent traffic.
“To guarantee security, a key should be installed and used only once,” KU Leuven said. “But in a key reinstallation attack, attackers trick a victim into reinstalling an already-in-use key. As a result, they can steal sensitive information or, depending on the network configuration, inject malware into a website.”
The researcher was able to detect the weakness by performing a “novel type of attack” against the WPA2 protocol, KU Leuven said.
KU Leuven said that changing Wi-Fi passwords would not be enough to prevent attacks. Instead, users should update devices as soon as security updates become available.