In short, any wifi connection (and the devices on that network) using WPA2 could be open to an attack. I believe this is limited to un-encrypted traffic, so things like using HTTPS websites and VPNs help you stay safe. Rather than regurgitate what’s already been written, here’s info from world renowned security professional Brian Krebs:
Short for Wi-Fi Protected Access II, WPA2 is the security protocol used by most wireless networks today. Researchers have discovered and published a flaw in WPA2 that allows anyone to break this security model and steal data flowing between your wireless device and the targeted Wi-Fi network, such as passwords, chat messages and photos.
“The attack works against all modern protected Wi-Fi networks,” the researchers wrote of their exploit dubbed “KRACK,” short for “Key Reinstallation AttaCK.”
Read the whole article here:
https://krebsonsecurity.com/2017/10/what-you-should-know-about-the-krack-wifi-security-weakness/
So this is a protocol issue, not related to specific hardware or software defects.
What devices could be affected?
Any device running with a wifi connection running WPA2, so:
- PCs/Macs/Chromebooks running Windows, macOS, Linux, ChromeOS
- Anything running Android (phones, tablets)
- iPhones
- Printers and copiers
- Handheld scanners (warehouse / retail environments)
- Point-of-Sale systems (very common now in small businesses)
- VoIP phones
- Streaming media players (Amazon Fire, Roku, Google ChromeCast, etc.)
- Gaming consoles
- Smart home (IoT) devices, (thermostats, lighting, refrigerators, doorbells, etc.)
- Smart televisions
- eBook readers
- Security cameras
- Medical devices
- Any industrial control equipment running Wi-Fi
How to protect yourself?
Update your device software/firmware/etc. Some patches are available.
Further reading if you’re super interested and want to know more
- What the big boy companies are saying about KRACK - CNET
- Researchers who found the vulnerabilty put together a website about their findings: Key Installation Attacks
- Every patch for KRACK Wi-Fi vulnerability available right now - ZDNet
- Running list of affected hardware vendors - CERT