If you’re in range of a Wi-Fi router going all the way back to 1997, you’re vulnerable to attackers who can steal your info.
A Belgian security researcher who specializes in Wi-Fi bugs has discovered a slew of new ones that impact the Wi-Fi standard itself, dubbed FragAttacks. The term “FragAttacks” is short for “fragmentation and aggregation attacks.”
Some vulnerabilities date back to 1997, which means that laptops, smartphones, and other smart devices as old as 24 years may be vulnerable to Wi-Fi attackers. If they were close enough, attackers might intercept the owner’s information, trigger malicious code, and/or take control of the computer.
Mathy Vanhoef, a Belgian security researcher, has discovered 12 different vulnerabilities that affect most Wi-Fi-enabled devices at a time when Android OEMs are still working on patches to repair the Qualcomm modem vulnerability. Vanhoef refers to the array of flaws as “FragAttacks,” and believes that attackers will use them to get access to your data.
Vanhoef has set up a new FragAttacks website (via Gizmodo) to clarify the new Wi-Fi vulnerabilities. According to Vanhoef, nine of the twelve weaknesses are caused by programming errors in individual Wi-Fi systems, while the other three are caused by bugs in the Wi-Fi protocol itself. Fortunately, exploiting the design vulnerabilities is difficult since it requires user intervention or the use of unusual network settings. As a result, the most serious problem in practice is programming errors in Wi-Fi devices, as many of them are easy to exploit, according to the website.
Vanhoef also posted a video showing how an intruder could exploit the flaws. If you want to learn more about the technical specifics, check out the video embedded below or visit the FragAttacks website.
It’s worth noting that the Wi-Fi Alliance and system manufacturers are already aware of the latest flaws, and some have begun to release updates for their devices. Microsoft, Eero, Aruba, Cisco, Ruckus, Intel, Juniper, Lancom, Lenovo, Linux Wireless, Mist, Netgear, Samsung, Synology, and Zyxel have all released patches for their products, according to The Verge.
If your computer hasn’t yet been patched, Vanhoef advises that you “update your devices, don’t reuse your passwords, make sure you have copies of important data, don’t visit shady websites, and so on.”
What evidence does he have that *every* device is affected?
Experiments were carried out on over 75 computers, with each of them being vulnerable to at least one of the attacks discovered. Might there be FragAttack-resistant Wi-Fi devices hidden away in a cave somewhere in the world? Vanhoef wrote, “Well if you find one, let him know.”
“However, I’m curious whether all devices in the entire world are indeed affected!” he said. “To find out, please let me know if you come across a computer that isn’t affected by at least one of the discovered vulnerabilities.”
This may be your 15 minutes of fame as a device vendor. If you believe your product is unaffected, the researcher requests that you give him one:
The name of the company and the product will be featured in his post after he states that it can withstand FragAttacks. Please, no silent patches: Vanhoef has methods for determining whether the system was usable before the flaws were exposed. He intends to present his findings at the USENIX Security conference, with a longer talk and more history planned for Black Hat USA, which runs from July 31 to August 5.