Equifax and Yahoo disclosed major security breaches recently, which are quite scary, especially the former. But security researchers are about to unveil to explain how hackers could hack any existing Wi-Fi connection and spy on all of your data.
The encrypted WPA2 protocol was just breached, putting at risk everyone who uses wireless internet at home or abroad. You can't fix the issue yourself, but while you wait for network equipment makers to patch access points, there are several steps you can take to protect yourself.
Yes, the issue is serious, but as long as a hacker isn't specifically looking to spy on your data, you should not worry about it.
The proof-of-concept exploit is called KRACK (or Key Reinstallation Attacks), according to Ars Technica. An advisory from US-CERT explains that the hack should be publicly disclosed on Monday:
US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven will be publicly disclosing these vulnerabilities on 16 October 2017.
Until access points are fixed, all Wi-Fi traffic is at risk, meaning that hackers will be able to eavesdrop on all your Wi-Fi traffic and steal data coming from all sorts of home devices that connect to the internet wirelessly.
If you're worried about your security, various solutions can help you mitigate the problem while you wait for hardware companies to update router firmware.
You can stop using Wi-Fi until your routers are fixed, and switch to Ethernet instead. You should also consider using Virtual Private Networks (VPN) to obfuscate your internet usage, especially if you keep using Wi-Fi, and especially in those places where you don't control the wireless network. Also, make sure use HTTPS when browsing the web and other security protocols to encrypt all your traffic. However, you might not be able to do anything about the smart devices that connect via Wi-Fi to your home network.