- Vanhoef has found 12 different vulnerabilities with Wi-Fi.
- The bugs can let a threat actor attack a connected device and steal user information.
- Companies have already started rolling out security patches for these flaws
A cybersecurity researcher has discovered new vulnerabilities in Wi-Fi that largely affect every gadget that we connect to the Wi-Fi in order to access the Internet. The vulnerabilities revolve around how the Wi-Fi handles a large amount of data, as well as Wi-Fi standard.
The vulnerabilities were found by Belgian cybersecurity expert Mathy Vanhoef, who is also known for discovering the widespread Wi-Fi KRACK attack back in 2017. Vanhoef has termed the new vulnerabilities as FragAttacks, short for "fragmentation and aggregation attacks."
FragAttacks are a collection of 12 different vulnerabilities that might allow a threat actor within a Wi-Fi range to attack a connected device or even leak user information.
As per Vanhoef, nine out of the twelve flaws exist as a part of programming hiccups in specific Wi-Fi products. The other three risks are caused by baked in bugs in the Wi-Fi standard itself. The bugs are even able to impact the security protocol WEP used by some Wi-Fi networks.
The only respite that common users can have in the information is that the vulnerabilities are pretty hard to target. As pointed out by Vanhoef, any attempts to exploit the security buds require actual "user interaction" or are only possible through an obscure network setting.
A report by Gizmodo mentions that several manufacturers have already paid heed to FragAttacks. Microsoft, for example, has issued three new updates to address three of the more common vulnerabilities. These patches have been applied to Windows 10, Windows 8.1, and Windows 7. Users of these operating systems are hence advised to update their devices as soon as possible.
Netgear has also released similar patches for some of its products. An advisory page by the firm confirms that it is working on more such patches to be released in the future.
Even without the patches, Vanhoef mentioned some basic cybersecurity tips to keep one safe from FragAttacks. The use of a strong and unique Wi-Fi password, as well as websites with HTTPS encryption protocol, are some points to keep in mind in this regard.