In the last few days, reports have begun to circulate about a major security flaw in the WPA2 standard of encryption that is in use on nearly every WiFi network in the world. Security researcher Mathy Vanhoef discovered the weakness in the protocol, which could allow anyone within range of a WiFi network to eavesdrop on that network’s traffic.
While this news is a disaster for worldwide information security, it’s proving to be of particular concern for Android users. The researchers have identified a variant of the primary type of attack that may exploit a combination of the newly discovered WPA2 flaw and an inherent weakness in Linux and Android 6.0 and above devices. This means that approximately 41 percent of Android devices worldwide are now at risk of having their WiFi traffic intercepted and deciphered.
The researchers have called the Android vulnerability “potentially catastrophic”. Until a patch is developed for the affected Android devices, it’s critical for their users to be more vigilant in what data they’re transmitting via WiFi. The good news, if there is any, is that any traffic from a vulnerable device to and from a secured website or an app that uses internal encryption should remain safe. In these cases, even if the WiFi layer of encryption is defeated, the information contained in it remains protected by the secondary layer provided by the site or app.
For anyone that’s using an affected device with sites or services that aren’t secured, an excellent option is to make use of a VPN service. In this configuration, all data to and from the device is routed through a secure tunnel that shouldn’t be vulnerable to attackers. Like the secured sites mentioned above, this creates a second line of defense, except in this case it’s system-wide. This method is a good idea for any user because it would help to guarantee the safety of their data even when connected to a public or other unsecured WiFi hotspot.
Regardless of what type of device they’re using, all users should stay on the lookout for patches that will become available in the coming days. It’s critical to install these patches immediately to contain this emerging threat.