Hackers can run malicious code on almost any gadget due to a new Wi-Fi vulnerability

Cybersecurity experts have discovered a dangerous vulnerability in the basic Wi-Fi standard, IEEE 802.11, the Bleepingcomputer project reports. The authors of the study claim that the bug allows hackers to intercept all traffic.

The attack is based on the fact that an attacker can inject malicious JavaScript code into the victim’s browser in unencrypted HTTP connections to exploit vulnerabilities in the victim’s browser.

The report states that the data being transmitted is typically encrypted using a group encryption key shared by all devices on a Wi-Fi network. However, an attacker can force the data to be transmitted in plain text or encrypt it with a key provided by the attacker. According to the authors, the «hole» is in the Wi-Fi protocol itself on all devices running Linux, FreeBSD, iOS, and Android.

«The attack we have described is of large-scale importance, as it affects various devices and operating systems (Linux, FreeBSD, iOS, and Android), and can also be used to intercept TCP connections, client and network traffic,» the researchers said.