The weaknesses are in the Wi-Fi standard itself, and not in individual
products or implementations.

Therefore, any correct implementation of WPA2 is likely affected. To
prevent the attack, users must update affected products as soon as security
updates become available.

If your device supports Wi-Fi, it is most likely affected.

Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are
all affected by some variant of the attacks.

The research behind the attack will be presented at the Computer and
Communications Security (CCS) conference, and at the Black Hat Europe
conference. Our detailed research paper can already be downloaded.

DEMONSTRATION
As a proof-of-concept we executed a key reinstallation attack against an
Android smartphone.

In this demonstration, the attacker is able to decrypt all data that the
victim transmits. For an attacker this is easy to accomplish, because our
key reinstallation attack is exceptionally devastating against Linux and
Android 6.0 or higher.

This is because Android and Linux can be tricked into (re)installing an
all-zero encryption key (see below for more info). When attacking other
devices, it is harder to decrypt all packets, although a large number of
packets can nevertheless be decrypted.

In any case, the following demonstration highlights the type of information
that an attacker can obtain when performing key reinstallation attacks
against protected Wi-Fi networks:

Any data or information that the victim transmits can be decrypted.

Additionally, depending on the device being used and the network setup, it
is also possible to decrypt data sent towards the victim (e.g. the content
of a website).

Although websites or apps may use HTTPS as an additional layer of
protection, we warn that this extra protection can (still) be bypassed in a
worrying number of situations. For example, HTTPS was previously bypassed
in non-browser software, in Apple's iOS and OS X, in Android apps, in
Android apps again, in banking apps, and even in VPN apps.