A new set of vulnerabilities has been discovered in the Wi-Fi standard that affect Wi-Fi-enabled devices dating all the way back to 1997.
In total there are 12 different vulnerabilities, which have been dubbed FragAttacks (fragmentation and aggregation attacks) by Belgian academic and security researcher Mathy Vanhoef, who first discovered them nine months ago.
FragAttacks have the potential to be particularly dangerous as they could allow an attacker to gather information about the owner of a Wi-Fi-enabled device and run malicious code to compromise it even with Wi-Fi security protocols such as WEP and WPA enabled. Thankfully though, an attacker would have to be in range of a targeted device to exploit these vulnerabilities as they cannot be exploited remotely.
Vanhoef provided further insight regarding the vulnerabilities he discovered on a new website dedicated to FragAttacks, saying:
“Three of the discovered vulnerabilities are design flaws in the Wi-Fi standard and therefore affect most devices. On top of this, several other vulnerabilities were discovered that are caused by widespread programming mistakes in Wi-Fi products. Experiments indicate that every Wi-Fi product is affected by at least one vulnerability and that most products are affected by several vulnerabilities.”
Vanhoef is no stranger to finding vulnerabilities in the Wi-Fi standard as he previously discovered both the KRACK and Dragonblood vulnerabilities.
Just as he did then, Vanhoef immediately reported his findings to the Wi-Fi Alliance, which has been working for the past nine months to correct the Wi-Fi standard while also helping device vendors release firmware patches to address these 12 vulnerabilities.
According to a statement from the Industry Consortium for Advancement of Security on the Internet (ICASI), so far Cisco Systems, HPE/Aruba Networks, Juniper Networks, Sierra Wireless and Microsoft have published security updates and advisories on FragAttacks.
In a security update, the Wi-Fi Alliance explained that no attacks exploiting these vulnerabilities have been observed in the wild, saying:
“There is no evidence of the vulnerabilities being used against Wi-Fi users maliciously, and these issues are mitigated through routine device updates that enable detection of suspect transmissions or improve adherence to recommended security implementation practices. Wi-Fi Alliance has taken immediate steps to ensure users can remain confident in the strong security protections provided by Wi-Fi.”
In order to protect yourself from FragAttacks, the Wi-Fi Alliance recommends that users of Wi-Fi-enabled devices install the “latest recommended updates from device manufacturers”.
Via BleepingComputer