Frag attacks could fry all your Wi-Fi devices

Even devices dating back to 1997 are vulnerable to FragAttacks

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A new set of vulnerabilities have been discovered in theWiFi standardthat affect WiFi-enabled devices dating all the way back to 1997.

In total there are 12 different vulnerabilities which have been dubbed FragAttacks (fragmentation and aggregation attacks) by Belgian academic and security researcher Mathy Vanhoef who first discovered them nine months ago.

FragAttacks have the potential to be particularly dangerous as they could allow an attacker to gather information about the owner of a Wi-Fi-enabled device and run malicious code to compromise it even withWi-Fi security protocolssuch as WEP and WPA enabled. Thankfully though, an attacker would have to be in range of a targeted device to exploit these vulnerabilities as they can not be exploited remotely.

Vanhoef provided further insight regarding the vulnerabilities he discovered on anew websitededicated to FragAttacks, saying:

“Three of the discovered vulnerabilities are design flaws in the Wi-Fi standard and therefore affect most devices. On top of this, several other vulnerabilities were discovered that are caused by widespread programming mistakes in Wi-Fi products. Experiments indicate that every Wi-Fi product is affected by at least one vulnerability and that most products are affected by several vulnerabilities.”

FragAttacks

Vanhoef is no stranger to finding vulnerabilities in the Wi-Fi standard as he previously discovered both theKRACKandDragonbloodvulnerabilities.

Just as he did then, Vanhoef immediately reported his findings to theWi-Fi Alliancewhich has been working for the past nine months to correct the Wi-Fi Standard while also helping device vendors release firmware patches to address these 12 vulnerabilities.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

According to astatementfrom the Industry Consortium for Advancement of Security on the Internet (ICASI), so far Cisco Systems, HPE/Aruba Networks, Juniper Networks, Sierra Wireless andMicrosofthave published security updates and advisories on FragAttacks.

In asecurity update, the Wi-Fi Alliance explained that no attacks exploiting these vulnerabilities have been observed in the wild, saying:

“There is no evidence of the vulnerabilities being used against Wi-Fi users maliciously, and these issues are mitigated through routine device updates that enable detection of suspect transmissions or improve adherence to recommended security implementation practices. Wi-Fi Alliance has taken immediate steps to ensure users can remain confident in the strong security protections provided by Wi-Fi.”

In order to protect yourself from FragAttacks, the Wi-Fi Alliance recommends that users of Wi-Fi-enabled devices install the “latest recommended updates from device manufactures”.

ViaBleepingComputer

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)