Multiple vulnerabilities have been discovered that are said to affect all modern Wi-Fi security protocols and a range of devices, from smartphones to routers and even small IoT devices. A Belgian cybersecurity expert discovered these vulnerabilities. He was previously known for jointly discovering a widespread Wi-Fi vulnerability in the WPA2 protocol, which led to a key reinstallation attack (commonly known as KRACK). These security vulnerabilities have been fixed by most technology companies to avoid leaking user data.
Mathy Vanhoef discovered a new set of Wi-Fi vulnerabilities, which he called “fragmentation and aggregation attacks”, or FragAttacks for short. As Gizmodo initially reported, the researcher detailed these vulnerabilities on a dedicated site.
Based on the detailed information provided online, there are 12 different security issues that could potentially leak user data or enable hackers to access the device. Vanhoef said three of the vulnerabilities discovered are design flaws in the Wi-Fi standard and are therefore considered to affect most devices on the market. However, the researcher also discovered several other vulnerabilities caused by programming-level issues in Wi-Fi devices.
In one case, Vanhoef pointed out that hackers can exploit Wi-Fi networks by injecting plaintext aggregated frames that look like handshake messages. He also mentioned another vulnerability that can be exploited by tricking the victim into inadvertently processing encrypted transmission data.
Researchers say that these issues may affect users on Wi-Fi networks based on WPA2 and even WPA3 standards. The researchers also provided a video demonstration of the key flaw.
Fortunately, Vanhoef emphasized that the design flaws he found are difficult to abuse because attackers need user interaction or need to use some unusual network settings. The vulnerabilities have been reported to various device manufacturers, some of whom have provided fixes for their devices. Similarly, the researchers notified the Wi-Fi Alliance and helped prepare security updates during the nine-month coordinated disclosure period.
Although it is not clear how long the vulnerability will exist, Vanhoef said on his website that even Wi-Fi’s original security protocol, WEP, is affected. It is worth noting that WEP was released in 1997.
It is recommended that users install the latest software updates on their Wi-Fi devices to fix the vulnerabilities. Microsoft has released updates to address three of the more common vulnerabilities in Windows 10, Windows 8.1 and Windows 7. You should install these updates on your system to ensure protection.
Similarly, companies such as Cisco, Ruckus, Intel, Lenovo, Netgear, Samsung, and Synology have issued patches for their devices. Given Vanhoef’s reputation and his background in discovering the KRACK attacks, many other companies are likely to release patches for their devices in the next few days. In the meantime, for users who do not get device updates, Vanhoef recommends mitigating the problem by visiting only websites that use HTTPS, applying the latest updates, and not reusing passwords.