DO NOT USE PUBLIC WIFI WHEN WORKING WITH SENSITIVE DATA
Websites and applications that communicate via HTTPS and the use of a VPN will protect you from snooping, but won’t prevent someone from actually piggy-backing onto your data connection and sniffing all the unencrypted traffic, which can include many mobile apps and regular websites that don’t use HTTPS. For much better security, wired networks are still superior and are completely unaffected by this particular flaw.
- This exploit has not yet been seen in the wild, and it does rely on someone being physically close enough to you to start the attack.
- In any instance when either the provider or receiver are patched to fix this loophole, this exploit will not work.
- Android 6.0 devices and newer, which are just about all current and previous generation phones and tablets.
- Any routers or firewalls with built-in WiFi
- Just about all consumer-grade WiFi access points
- Unpatched computers with WiFi capabilities
- Home automation devices that rely on WiFi for control (Nest thermostats, Ring doorbells, etc.)
- WiFi connected cameras
It may be days or even weeks before this vulnerability is patched on mobile devices, and in the case of some older phones and tablets, this vulnerability may never be patched if the manufacturer has abandoned support for that particular model. Windows 10, 8 and 7 have already been patched. Apple has a patch in beta right now for most of its late model devices and OS X, and most variants of Linux are already distributing patches for this hole. Firmware updates for higher-end, late-model routers and access points are likely to happen, but it will vary greatly by manufacturer and age of device, and it’s still too soon to tell when or if automation and security devices will be patched.
Image Courtesy of Stuart Miles at FreeDigitalPhotos.net