If for some reason you're still using TKIP crypto on your Wi-Fi, ditch it – Linux, Android world bug collides with it
It’s been a mildly rough week for Wi-Fi security: hard on the heels of a WPA2 weakness comes a programming cockup in the wpa_supplicant configuration tool used on Linux, Android, and other operating systems.
The flaw can potentially be exploited by nearby eavesdroppers to recover a crucial cryptographic key exchanged between a vulnerable device and its wireless access point – and decrypt and snoop on data sent over the air without having to know the Wi-Fi password. wpa_supplicant is used by Linux distributions and Android, and a few others, to configure the Wi-Fi for computers, gadgets, and handhelds.
This key is used in networks that employ EAPOL (Extensible Authentication Protocol over LAN). The good news is that no more than around 20 per cent of wireless networks will be vulnerable, it is estimated, because the attack requires TKIP and WPA2 to be in use – and no one should be using TKIP in 2018.
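A defender's check for the mitigation in the headline, as an added example that is not from the article or the wpa_supplicant project: it parses a wpa_supplicant.conf and flags every network block that can still negotiate TKIP as the pairwise cipher. The sample configuration is constructed, and treating an omitted `pairwise` line as `CCMP TKIP` is an assumption based on wpa_supplicant's documented default.

```python
import re

# Assumption: documented wpa_supplicant.conf default when "pairwise" is omitted.
DEFAULT_PAIRWISE = {"CCMP", "TKIP"}

# Constructed sample configuration (not from the article).
SAMPLE_CONF = """
ctrl_interface=/var/run/wpa_supplicant
network={
    ssid="office-legacy"
    key_mgmt=WPA-PSK
    pairwise=CCMP TKIP
}
network={
    ssid="home"
    key_mgmt=WPA-PSK
}
network={
    ssid="lab"
    key_mgmt=WPA-EAP
    pairwise=CCMP
}
"""

def parse_networks(text):
    """Yield a dict of field -> value for each network={...} block."""
    block = None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if re.fullmatch(r"network\s*=\s*\{", line):
            block = {}
        elif line == "}" and block is not None:
            yield block
            block = None
        elif block is not None and "=" in line:
            key, value = line.split("=", 1)
            block[key.strip()] = value.strip()

def tkip_findings(text):
    """Return (ssid, reason) for each network able to negotiate TKIP pairwise."""
    findings = []
    for net in parse_networks(text):
        explicit = "pairwise" in net
        ciphers = set(net["pairwise"].upper().split()) if explicit else DEFAULT_PAIRWISE
        if "TKIP" in ciphers:
            reason = "pairwise lists TKIP" if explicit else "pairwise unset, default includes TKIP"
            findings.append((net.get("ssid", "?").strip('"'), reason))
    return findings
```

Networks it reports can be pinned to AES by adding `pairwise=CCMP` to the block, provided the access point offers CCMP.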