Researchers have recently discovered a critical flaw that affects all WPA2 protected Wi-Fi devices. This can't be remedied solely by user intervention, or password changes, or even by the usage of HTTPS website; this is a flaw with the core of WPA's protection scheme, and means that an attacker could intercept every single traffic data point that your device sends over Wi-Fi, including passwords, credit card details, images - the whole treasure trove. Adding insult to injury, it's even possible for attackers using this method to inject malware into your devices. The new attack method - dubbed KRACK for Key Reinstallation Attack - basically forces your device's encryption code to default to a known, plain-text all-zero decryption key, which is trivial for hackers to reuse.

Adding to the paranoia, this is basically a device and software-agnostic attack - it's effective against devices running Android, Linux, and OpenBSD, and to a lesser extent macOS and Windows, as well as MediaTek Linksys, and other types of devices. HTTPS isn't the best solution either, simply because some website's implementation of it isn't the best, and there are scripts (such as SSLScript) that can force a website to downgrade its connection to a simple HTTP link - which can then be infiltrated by the attacker.