New Vulnerability Affects WiFi Devices found in a whole raft of security flaws impacting all WiFi devices, including smartphones, IoT devices, and personal computers going back as far as 1997. Unfortunately, it means that almost every WiFi device in use today is vulnerable to what they call FragAttacks.
Mathy Vanhoef, of the University of Abu Dhabi, and the researcher who discovered FragAttacks had this to say about them:
“Experiments indicate that every WiFi product is affected by at least one vulnerability and that most products are affected by several vulnerabilities.
The discovered vulnerabilities affect all modern security protocols of WiFi, including the latest WPA3 specification. Even the original security protocol of WiFi, called WEP, is affected. Several of the newly discovered design flaws have been part of WiFi since its release in 1997!”
If there’s a silver lining, it lies in the fact that an attacker needs to be within the WiFi range to target the device and to execute the attack and either inject malicious code or steal sensitive data. However, if the attacker is in range, he can take complete control of the target device.
Vanhoef also notes that the WiFi vulnerabilities are somewhat tricky to abuse because they rely on network settings not commonly used, which, combined with the first point, offers a measure of protection.
Nonetheless, this is about as serious as it gets, but fortunately, vendors are already in the process of developing patches to address the vulnerabilities.
The patches as follows:
There’s no evidence at this point that any of these attacks are in the wild.
Even so, these flaws represent a serious point of weakness. Therefore, we see the development and deployment of patches researchers recommend disabling fragmentation, disabling pairwise rekeys, and disabling dynamic fragmentation in WiFi 6 (802.11ax) devices.