The flaw, known as KRACK, affects WPA2, a security protocol widely used in most modern Wi-Fi devices. In some cases, a hacker could exploit KRACK to inject malware such as ransomware into websites, according to KU Leuven’s Mathy Vanhoef, the researcher who discovered the vulnerability.
KRACK is an acronym for Key Reinstallation Attack. It involves an attacker reusing a one-time key that’s provided when a client device attempts to join a Wi-Fi network. Doing so could enable the hacker to decrypt information being exchanged between the access point and the client device, which could leave personal details like credit card numbers, messages and passwords exposed, as Vanhoef notes.