scorecardresearch
Follow Us:
Sunday, June 13, 2021

‘FragAttacks’: New set of WiFi vulnerabilities expose millions of devices to attacks

A number of vulnerabilities in Wi-Fi products have likely left users open to attacks as millions of devices are impacted, according to cybersecurity expert Mathy Vanhoef

By: Tech Desk | Chandigarh |
May 14, 2021 11:15:52 am
WiFi, WiFi vulnerabilities, WiFi security flaw, FragAttacks, FragAttacks WiFi, What is FragAttacks, FragAttacks issue, Windows security update‘FragAttacks’ or fragmentation and aggregation attacks, as Vanhoef has named these, can allow an attacker who is within range of one’s Wi-Fi device to steal user information. (Representational Image)

A number of vulnerabilities in a majority of Wi-Fi products have likely left users open to attacks and millions of devices are believed to be impacted. The flaws named FragAttacks were discovered by cybersecurity expert Mathy Vanhoef, a postdoctoral researcher at the New York University of Abu Dhabi. Vanhoef previously highlighted Kracattacks, which were a serious flaw in WPA2, a protocol used to secure protected Wi-Fi networks.

‘FragAttacks’ or fragmentation and aggregation attacks, allow an attacker who is within range of one’s Wi-Fi device to steal user information, including sensitive information such as passwords. According to the researcher, while three are design flaws in the Wi-Fi standard, “several other vulnerabilities were discovered that are caused by widespread programming mistakes in Wi-Fi products.”

Vanhoef has created a dedicated site ‘Fragattacks’ to explain the issue in detail and he states that almost “every Wi-Fi product is affected by at least one vulnerability and that most products are affected by several vulnerabilities.”

He also notes that while the design or hardware level flaws are much harder to exploit, the programming mistakes are quite easy to abuse. “In experiments on more than 75 devices, all of them were vulnerable to one or more of the discovered attacks,” according to Vanhoef.

There are security updates available for some of the products. Microsoft, for instance, has rolled out Windows 10, Windows 8.1 and Windows 7 update, which has patches for these vulnerabilities. Netgear, which is known for its WiFi routers, has also pushed out a security advisory for FragAttacks along with updates for its products, and users should install these as soon as possible.

The researcher also notes that the “security updates were prepared during a 9-month-long coordinated disclosure that was supervised by the Wi-Fi Alliance and ICASI.”

In its security update Netgear also notes that in order to exploit the flaws, the hacker must know or somehow obtain the user’s WiFi password and be within “physical proximity of your WiFi network” in order to “intercept communications between your router and the devices on your WiFi network.”

But the page notes that these “vulnerabilities can be used to withdraw data without your knowledge and can lead to other exploits.”

📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines

For all the latest Technology News, download Indian Express App.

  • The Indian Express website has been rated GREEN for its credibility and trustworthiness by Newsguard, a global service that rates news sources for their journalistic standards.
Advertisement
Advertisement
Advertisement
Advertisement