A new set of vulnerabilities have been discovered in the WiFi standard that affect WiFi-enabled devices dating all the way back to 1997.
In total there are 12 different vulnerabilities which have been dubbed FragAttacks (fragmentation and aggregation attacks) by Belgian academic and security researcher Mathy Vanhoef who first discovered them nine months ago.
FragAttacks have the potential to be particularly dangerous as they could allow an attacker to gather information about the owner of a Wi-Fi-enabled device and run malicious code to compromise it even with Wi-Fi security protocols such as WEP and WPA enabled. Thankfully though, an attacker would have to be in range of a targeted device to exploit these vulnerabilities as they can not be exploited remotely.
Vanhoef provided further insight regarding the vulnerabilities he discovered on a new website dedicated to FragAttacks, saying:
“Three of the discovered vulnerabilities are design flaws in the Wi-Fi standard and therefore affect most devices. On top of this, several other vulnerabilities were discovered that are caused by widespread programming mistakes in Wi-Fi products. Experiments indicate that every Wi-Fi product is affected by at least one vulnerability and that most products are affected by several vulnerabilities.”
Just as he did then, Vanhoef immediately reported his findings to the Wi-Fi Alliance which has been working for the past nine months to correct the Wi-Fi Standard while also helping device vendors release firmware patches to address these 12 vulnerabilities.
According to a statement from the Industry Consortium for Advancement of Security on the Internet (ICASI), so far Cisco Systems, HPE/Aruba Networks, Juniper Networks, Sierra Wireless and Microsoft have published security updates and advisories on FragAttacks.
In a security update, the Wi-Fi Alliance explained that no attacks exploiting these vulnerabilities have been observed in the wild, saying:
“There is no evidence of the vulnerabilities being used against Wi-Fi users maliciously, and these issues are mitigated through routine device updates that enable detection of suspect transmissions or improve adherence to recommended security implementation practices. Wi-Fi Alliance has taken immediate steps to ensure users can remain confident in the strong security protections provided by Wi-Fi.”
In order to protect yourself from FragAttacks, the Wi-Fi Alliance recommends that users of Wi-Fi-enabled devices install the “latest recommended updates from device manufactures”.