13 May 21, 08:07
Quote:A Belgian security researcher specializing in Wi-Fi bugs has unearthed a clutch of new ones, which he called FragAttacks, that affect the Wi-Fi standard itself. The name is short for “fragmentation and aggregation attacks.”
Some bugs date back to 1997, meaning that computers, smartphones or other smart devices as old as 24 years may be vulnerable to attackers in Wi-Fi range. If attackers are near enough, they could intercept the owner’s information, trigger malicious code, and/or take over the device.
Mathy Vanhoef, the Belgian security researcher who discovered the FragAttacks, said in a Tuesday post that three of the vulnerabilities are design flaws in the Wi-Fi standard and therefore “affect most devices.” Several other vulnerabilities are caused by “widespread programming mistakes,” he said, with experiments indicating that “every Wi-Fi product is affected by at least one vulnerability,” with most affected by several.
Vanhoef knows his Wi-Fi protocols and how to shred them: He previously discovered the KRACK attack, a devastating weakness in the WPA2 protocol that allows attackers to decrypt encrypted traffic, steal data and inject malicious code, depending on the network configuration. He also found the RC4 NOMORE attack, which helped drive nails into the coffin of the RC4 encryption algorithm, as well as the Dragonblood attack against WPA3 Wi-Fi networks that would allow attackers to steal passwords.
The video below demonstrates three ways attackers can exploit the latest vulnerabilities: By intercepting victims’ authentication credentials; abusing insecure internet-of-things (IoT) devices by remotely flipping a smart power socket on and off; and by serving as a foothold to launch advanced attacks, particularly by hijacking an outdated Windows 7 machine inside a local network.
Read more: ‘FragAttacks’: Wi-Fi Bugs Affect Millions of Devices | Threatpost