outside of stuff like open wifi places e.g. a hotel or office, isn't this basically not a big deal? the weak point is the wi-fi specifically, i.e. to exploit the flaw you'd need to install a bug that records everything sent upstream by connected devices, right? that is, low-traffic/personal/home LANetworks probably wouldn't be targeted, no?
no, places with open wifi networks are already open to attackers and allow them to freely sniff your traffic if theyre connected to the same network. this exploit works in the same way, if an attacker is within range of the wifi, they can bypass all WPA2 encryption. you don't need to install anything on the host device to read someones traffic, you use packet brown townyzers like wireshark that read the traffic as it goes to whatever website the victim tries to access.
anyone can be targeted by this, the reason this is such a big deal is the ease in which this can be done, seeing as WPA2 is the standard protocol used by essentially everyone
would suggest reading up on things like man in the middle attacks:
https://www.veracode.com/security/man-middle-attackas well as watching the video demo the research team put up for a quick 4 minute tl;dr:
https://youtu.be/Oh4WURZoR98it's a huge security risk but there's a low chance it's going to happen to you unless you use public wifi.
this is also true, if you're not in a well populated area, people likely aren't going to be rolling up to your house to sniff your traffic. this is bigger for those that live in cities, and for business/govt (although they probably already know about this)
also do we have any word on whether this is being patched on android?
to my knowledge, samsung is the only one that has come out and announced theyre actively working on a patch that should be available soon. google has also said theyre releasing an update sometime in the near future. would def encourage you to email them and ask for an update, theyll probably respond