Nearly all Wi-Fi devices are vulnerable to new FragAttacks2021-05-12 16:35 by Daniela
A new set of vulnerabilities have been discovered in the WiFi standard that affect WiFi-enabled devices dating all the way back to 1997. Mathy Vanhoef, the Belgian security researcher who discovered the FragAttacks, said in a Tuesday post that three of the 12 vulnerabilities are design flaws in the Wi-Fi standard and therefore "affect most devices." Several other vulnerabilities are caused by "widespread programming mistakes," he said, with experiments indicating that "every Wi-Fi product is affected by at least one vulnerability," with most affected by several.
It doesn't matter if your device is using the original WEP security protocol or the latest WPA3 spec, the vulnerabilities were discovered in older sections of the Wi-Fi protocol, and those sections has never been updated or improved so are present on all devices. The good news is, the design flaws are hard to exploit as they require user interaction, but the programming mistakes are trivial to take advantage of.
As a result, some fixes have already been released or are in the pipeline. Microsoft has addressed three of the 12 bugs that impact Windows systems in patches released on March 9th, according to cybersecurity news site The Record. A patch to the Linux kernel is also working its way through the release system, reports ZDNet.
The likes of Cisco, Juniper Networks, Sierra Wireless and HPE/Aruba Networks have also begun developing patches to mitigate the vulnerabilities, according to the Industry Consortium for Advancement of Security on the Internet (ICASI). You can check if your device has received patches for any of the 12 frag attacks by checking its firmware changelogs and looking for updates that relate to the CVE identifiers listed on the ICASI's website. If you're still unsure, however, Vanhoef recommends accessing sites via secure HTTPS connections.
Read more -here-