https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/
Also note the link at the end of the article to a very high percentage of Android VPN Apps, that fail to make users secure.
https://arstechnica.com/information-technology/2017/01/majority-of-android-vpns-cant-be-trusted-to-make-users-more-secure/
Bill
One of the comments mentions that if you're careful about only putting data only over HTTPS, your data is still safe since it's encrypted that way. Good reason to install and use HTTPS Everywhere (it's a plugin).
Think I'm going to just use the mobile network for my phone when I'm away from home now especially with that info about VPNs although at least one was found to be good.
Free wireless access points are probably all going to be scary now because the likelihood they will patch is small. And home routers, ugh, even less likely to be patched unless they're new or expensive. Sigh. Really considering using a Raspberry PI as a router. It's better than cheap routers, I'm sure, and at least you know it's going to continue to be patched.
Been thinking about this more. The biggest concern is really going to be with mobile devices. If you're using wireless at home, an attacker will need to be in range to attack you. Probably an unlikely scenario for most people unless wardriving becomes a thing again.
But if you're using free wifi hotspots, you would be a lot more susceptible since they can hack clients (the biggest problem) such as your phone. Though every device is potentially vulnerable it appears Linux and Android devices are the most problematic. Since we can't control routers on the outside even if we patch our client devices, I'd recommend making sure that you're using https when you log into any websites. Note that the injection means a compromised network can re-direct websites to use HTTP only (those that have the login possibility) so doublecheck you're using a secure connection.
My Mint 18 distro just issued a WPA update, today. Oddly, it was only a level 2 update?
1 Minimal: No impact on the system or other applications.
2 Normal: Default level. Usually low impact on the system.
This would definitely have would have an impact on the system, at least potentially. Remember levels aren't priority levels. They're impact levels. It's also new, so they probably don't know if it will have unforeseen impacts yet.