Last updated on
May 14, 2021, 06:38 pm
You might have heard of frag grenades, but now there’s an equally destructive security vulnerability affecting the Wi-Fi standard. The “FragAttacks” loophole is all encompassing and it not only affects the usual smartphones, computers, and tablets, but essentially anything with Wi-Fi capability.
The exploit allows attackers to steal information, inject data packets, and cause Denial-of-Service attacks while bypass existing security measures over protected networks.
Some FragAttacks flaws are trivial enough to be exploited easily
Named after combining the underlying fragmentation and aggregation attacks, Belgian security expert Mathy Vanhoef explains that the FragAttacks vulnerability includes a range of flaws.
Some of these flaws are difficult to exploit, whereas others are trivial enough for low-level cybercriminals to leverage. It is therefore important to heed Vanhoef’s advice to update devices, desist from sharing passwords, backup data, and avoid sketchy websites.
Every Wi-Fi capable device ever made is vulnerable to FragAttacks
The staggering scale of these vulnerabilities even affects the latest WPA3 Wi-Fi security protocol. The threat spectrum extends to devices conforming to the Wi-Fi standard since its inception in 1997. Basically, no device with Wi-Fi capability is immune to this security time bomb.
This complicates matters because the affected devices include manufacturers which have ceased to even exist, let alone release a security patch.
Tech manufacturers issue patches, but covering all products is impossible
Thankfully, Vanhoef helped the Wi-Fi Alliance to issue patches before going public with his findings. That allowed major technology firms such as Cisco, Netgear, Synology, Intel, Microsoft, Samsung, and Lenovo to issue patches.
That’s not an invitation for complacency. It is impossible for all companies to issue patches for every single product, so the onus lies on users to ensure their devices are secure.
Flaw comes days after Qualcomm vulnerability affecting 40-percent Android phones
The Wi-Fi vulnerability comes hot on the heels of another Qualcomm exploit allowing hackers to compromise modem chips. This enables them to access call and text history, in addition to recording even phone calls without user consent.
The worst part is that Qualcomm was aware of this vulnerability since October last year, but the exploit still hasn’t been fixed as of this writing.