Yesterday, a Belgian researcher, Mathy Vanhoef made public his discovery from this past summer that the security protocol used to protect most wifi connections is vulnerable to hacking such that data formerly thought to be encrypted and protected could be hacked and that it was also possible for a cybercriminal to inject ransomware and other malware into websites visited through compromised wifi connections. If your device supports wifi, it is most likely affected.
The United States Computer Emergency Readiness team issued a warning yesterday that lists all of the systems affected. Here is a link to that warning.
As is often the case when discoveries of computer vulnerabilities are made, researchers notify the technology companies first to allow them time to come up with patches. In this case, the technology companies were notified on August 28th about this problem. Google has indicated that it expects to have a patch available “in the coming weeks.” Microsoft has said, “we have released a security update to address this issue. Customers who apply the update, or have automatic updates enabled, will be protected.”
This is one instance where things may not be as bad as they initially appear. Hackers exploiting the vulnerability would need to be physically close to the attacked device to accomplish an attack and connections to secure websites using HTTPS will still be safe. Online banking and online shopping websites will generally use https technology which you can confirm by looking at the address line for the letter “s” after the initial http in the website address. In addition, as I have long advised you, if you are going to use public wifi you should use Virtual Private Network (VPN) which is not affected by this vulnerability.
This discovery also emphasizes the importance of having your security patches and updates installed automatically or as soon as they are available. I will update you on this situation as new information becomes available.