A bug called KRACK has broken WPA2, a security protocol present in most Wi-Fi devices, and has left them vulnerable to attack. KRACK, or Key Reinstallation Attack, has exposed a basic flaw at the centre of most modern phones, PCs, routers and other devices. Mathy Vanhoef, a computer security expert, found the issue and reported that the weakness is in a feature of the protocol that enables new devices with a pre-shared password to join a network.

According to Vanhoef, a KRACK attack helps hackers "to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos" from any gadget that supports Wi-Fi. "If your device supports Wi-Fi, it is most likely affected," said Vanhoef on his website. The bug completely breaks the WPA2 protocol, which puts any device that supports it at risk, whether it is a personal device or one used in a workplace. The issue is grave enough that US-CERT, the cyber-emergency unit of US Homeland Security, has confirmed the bugs and warned everybody about them.

The attack exploits a weakness in the handling of the cryptographic nonce, a randomly generated number. The hacker uses this number to impersonate a previously authenticated user. The attacker essentially tricks the victim into reinstalling the key already in use. Vanhoef indicates that, beyond the ability to steal sensitive information, "it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites."

What makes KRACK-like attacks interesting is that the flaw is not in the individual devices themselves but in the Wi-Fi standards. This leaves every device, from iOS to Android and from Windows to Linux, vulnerable to attack in some form. Also, this kind of attack does not retrieve your Wi-Fi password, so changing it is useless.

To protect your devices from cybercriminals, you need to update your systems as and when the latest security updates become available. You will also have to update the firmware of your router.
However, the priority is to update your devices, as they are the clients the hackers want to attack. If your phone has already been abandoned by its manufacturer, it will be vulnerable forever.