Cryptographers said the Wi-Fi flaw, reported by a security researcher, is the most significant to have been discovered in years. It is likely, though, to have a larger effect on big corporations than consumers.

The attack works by creating a cloned wireless network that resets the victim’s encryption keys in an insecure fashion, exposing any information that had previously been encrypted via the Wi-Fi Protected Access II, or WPA2. This technology is considered state-of-the-art for wireless security and has replaced older Wi-Fi security standards such as Wi-Fi Protected Access (WPA) and Wired Equivalent Privacy (WEP).

With WPA2 cracked, hackers could view passwords or other sensitive information sent over the network, said Mathy Vanhoef, the researcher at the University of Leuven in Leuven, Belgium, who discovered the flaw. He presented the technique, which he calls a Key Reinstallation Attack, or KRACK, on a website he set up to explain the issue.

News of the flaw was earlier reported by Ars Technica.

However, data travelling on the Wi-Fi network that is encrypted using another technique — for example, the web-based HTTPS encryption that protects many websites — wouldn’t be visible, Mr Vanhoef wrote.

In a video demonstration, Mr. Vanhoef showed how the attack could be used to steal data from an Android phone connecting to a network using WPA2. For the attack to work, hackers would need to first be close enough to their victim’s wireless network to use special equipment that intercepts messages being sent to and from the routers, phones and computers on that network.

That alone would discourage most hackers from attacking most consumer networks, said Matthew Green, an assistant professor of computer science at Johns Hopkins University.

But for a determined attacker, it provides a new way of stealing information from corporate networks, he said.

“The probability seems pretty decent that there will be an attack exploiting one of these vulnerabilities, but for the average person, it probably doesn’t matter very much,” he said.

Apple and Alphabet’s Google said they expect to roll out patches for affected devices within the coming weeks. Microsoft patched the issue on October 10, the company said.

At present, there is no evidence of hackers exploiting the attack, the industry group Wi-Fi Alliance said.

WPA2 has been included in all Wi-Fi devices since 2006 and is “included in almost every Wi-Fi device still in active use,” a Wi-Fi Alliance spokeswoman said.

It will likely be months before code leveraging the attack will be public, said Kenneth White, co-director of the Open Crypto Audit Project, which evaluates the security of encryption software. Like Mr Green, he agreed hackers were likely to target corporate networks with this technique.

The attack is also of concern to users of older Android phones which may no longer receive security updates and could also be used to target remote workers or executives using Wi-Fi networks while travelling, Mr White said.

Dow Jones Newswires

More related stories

Technology

‘Fed up Aussies’ ditch Telstra’s ‘expensive’ plans

 Vodafone-owner TPG says its $1.6bn network sharing deal with Optus has yielded a 40 per cent surge in new customers as Aussies ditch Telstra. Time for a better deal?

Read more

Technology

Bupa unleashes $20m fund to change private healthcare

The health insurer wants to back start-ups that keep people out of hospital and help them better understand their lifestyle and how genetic risk factors affect their health.

Read more