"All Wi-Fi Devices Impacted by New FragAttacks Vulnerabilities"
Mathy Vanhoef, a researcher at New York University Abu Dhabi, discovered a set of new Wi-Fi security vulnerabilities dubbed FragAttacks (fragmentation and aggregation attacks). These vulnerabilities impact all computers, smartphones, and other Wi-Fi devices released since 1997. Three of the vulnerabilities are said to be Wi-Fi 802.11 standard design flaws in the frame aggregation and fragmentation functionalities, while the other vulnerabilities stem from widespread programming mistakes made in Wi-Fi products. Experiments conducted by Vanhoef show that every Wi-Fi product is affected by at least one of the vulnerabilities and that most Wi-Fi products are impacted by many vulnerabilities. According to Vanhoef, the discovered vulnerabilities affect all Wi-Fi security protocols, including WEP and WPA3. Attackers have to be in the Wi-Fi range of targeted devices in order to abuse these design and implementation flaws. The exploitation of these flaws can allow attackers to steal sensitive user data and execute malicious, which could lead to the full takeover of devices. Vendors are developing patches for their products to mitigate the FragAttacks bugs. Cisco Systems, HPE/Aruba Networks, Juniper Networks, Microsoft, and more, have already released security updates and advisories for FragAttacks security. This article continues to discuss the discovery, impact, and mitigation of the FragAttacks vulnerabilities.
Bleeping Computer reports "All Wi-Fi Devices Impacted by New FragAttacks Vulnerabilities"