The flaw exists in the actual standard, so it's not a coding error.
Researchers have discovered a flaw in the Wi-Fi standard that attackers may use to eavesdrop on wireless network traffic even if WPA2 is used for protection.
Key Reinstallation Attacks, or Krack Attacks, work against all Wi-Fi networks protected by WPA2, and may in some cases be used to inject and manipulate data as well. The attack works against WPA and WPA2 standards, and against personal and Enterprise networks that implement Wi-Fi.
From another article, Severe WiFi security flaw puts millions of devices at risk
Good news is that it is possible to patch the issue. However, a firmware update needs to be released by the manufacturer of the router, access point or client. The researchers note that any device that uses Wi-Fi is likely vulnerable to the attack.
Lastly, for the less technical, an article from the BBC, Wi-fi security flaw 'puts devices at risk of hacks' - BBC News.
The problem is made worse by Android and Linux, which, thanks to a bug in the WPA2 standard, don't force the client to demand a unique encryption key each time. Rather, they allow a key to be cleared and replaced by an "all-zero encryption key," foiling a key part of the handshake process. In some cases, a script can also force a connection to bypass HTTPS, exposing usernames, passwords and other critical data.
<snip>
If you still doubt the seriousness of it, Alex Hudson, for one, is actually advising Android users to "turn off WiFi on these devices until fixes are applied." He adds that "you can think of this a little bit like your firewall being defeated."
As such, you can protect yourself to a great extent by sticking with sites that have solid, proven HTTPS security. And of course, the attack won't work unless the attacker is nearby and can physically access your network.
Hopefully manufacturers will promptly address this issue and provide a fix. From what I've read so far this morning, Android phone users should be very careful about which Wi-Fi connections they use.
If you have a Wi-Fi router, you should be checking the manufacturer's website over the next couple of weeks to see if there is a firmware update available for your router. For those with ancient, unsupported routers, it might be worthwhile to consider upgrading to a newer, supported version.