Changing the password won't do any good, the devices themselves need to be updated, so if you are using old technology you may be out of luck. The groups with most to lose will be corporations so they are likely to be updating.
How do they do it? When hackers find a network with the vulnerability, they make a clone, impersonate the MAC address and then change the Wi-Fi channel. Now devices don't realize they are using the "fake" router. Because it copies the whole router, hackers can't see passwords, but they can see data, like credit cards. Visiting HTTPS rather than HTTP sites will likely be okay, according to Engadget. There is also a detailed FAQ, courtesy of Aruba.
Hank Campbell is the President of the American Council on Science and Health, a pro-science consumer advocacy non-profit founded in 1978, and founded Science 2.0 in 2006. He did not receive any funding from Big Bluetooth or anyone else to write this article.