Thousands of wi-fi connections in homes and businesses around the world are vulnerable to cyberattacks, researchers from the Belgian university KU Leuven warned on Monday.
According to their findings outlined in a paper, the issue revolves around a system of random number generation known as "nonce," which can be reused by a hacker to enter a network and spy on the data being sent in it.
"All protected wi-fi networks use the four-way handshake to generate a fresh session key and so far this 14-year-old handshake has remained free from attacks," researcher Mathy Vanhoef said. "Every wi-fi device is vulnerable to some variants of our attacks. Our attack is exceptionally devastating against Android 6.0: it forces the client into using a predictable all-zero encryption key."
The U.S. Emergency Readiness Team (Cert) has issued a warning on the flaw.
"US-Cert has become aware of several key management vulnerabilities in the four-way handshake of wi-fi protected access II (WPA2) security protocol."
The organization, which operates within the Department of Homeland Security, confirmed that "most or all correct implementations of the standard will be affected."