FragAttacks- A Newly Discovered Threat
A Belgian cybersecurity researcher Mathy Vanhoef has revealed in his latest blog post that newly discovered vulnerabilities dubbed FragAttacks (fragmentation and aggregation attacks) are pervasive and put at risk all devices with WiFi.
The flaws stem from some bugs that date back to 1997. It is alarming that the vulnerabilities caused by programming issues in WiFi-enabled devices and impact all WiFi devices.
Vanhoef is the same researcher who discovered the KRACK (Key Reinstallation Attacks) vulnerabilities in 2017.
How the Attack Works?
The vulnerabilities, if exploited, allow anyone within the radio range to target devices and steal user data. However, it is quite difficult to exploit the flaws as the attack relies on relatively uncommon network settings and user interaction.
According to Vanhoef some of the flaws can be exploited to inject plaintext frames into any secure WiFi network. It is an easy method to infect a network as certain devices accept plaintext aggregated frames that seem like handshake messages, explained Vanhoef. The attacker can also intercept traffic simply by prompting the victim into using an infected DNS server.
Vanhoef tested four home routers and identified that two of them were affected by this vulnerability, as well as specific IoT devices and smartphones. He tested several devices, including Google, Apple, Samsung, and Huawei smartphones, MSI, Dell, and Apple computers, Canon and Xiaomi IoT devices, D-Link, Linksys, and Asus routers, and Cisco, Aruba, and Lancom access points.
Vulnerabilities Impact All WiFi Security Protocols
Almost all WiFi security protocols are affected by the vulnerabilities, including the old one WEP and the latest one WPA3. That’s why Va ..
Support the originator by clicking the read the rest link below.
