Purdue University researchers discovered a vulnerability in the mechanism for reconnecting previously paired devices. Technically speaking, when the devices reconnect, they are expected to re-verify each other's encryption keys.
However, the wording of the protocol makes this re-validation optional rather than mandatory, and even when it is applied, it can be circumvented. This means that, in theory, attackers might be able to impersonate previously connected devices, allowing them to trick users into connecting to an entirely different device, intercept their traffic, and launch malicious attacks.
The good news is that, based on what the researchers found, Windows devices appear to be immune to this attack, as do Apple devices, since the company fixed this flaw in May. However, Internet of Things devices, Android devices, and Linux laptops are at risk, and we hope that manufacturers will release updates to address this issue soon.