A new vulnerability in all wi-fi enabled devices was announced today impacting the typical way many of us access wi-fi networks (WPA2 personal). Initial reports suggest Android and Linux users particularly vulnerable but it is safe to assume every device/platform is impacted. Worst case: when exploited, it allows one to intercept passwords, e-mails, and other data presumed to be encrypted, and in some cases, to inject ransomware or other malicious content into a website a client is visiting.

Although patches are being (and will be) released by wifi router and phone providers, the new vulnerability serves as a reminder to make sure your personal and home hardware is regularly updated. You might also reflect before accessing an open or otherwise public wi-fi network. In the near term, phones and computers will likely be patched. IoT devices will take longer.

If you want to read more, here are a few articles that provide the context and some suggested approaches: