New WiFi FragAttacks vulnerability exposed

Some network security researchers have discovered a series of different vulnerabilities in the wireless transmission protocol, that is, WiFi. These vulnerabilities are all related to the way WiFi handles large blocks of data, some are related to the WiFi standard itself, and some are related to the implementation of the device manufacturer that can cause users to be stolen network data even with password protection.

The researcher who discovered these vulnerabilities was Mathy Vanhoef, who called these vulnerabilities “FragAttacks.” Mathy Vanhoef said that hackers can use these vulnerabilities to intercept users’ sensitive data or induce users to click on fake pages, even if the user’s WiFi network uses WPA2 or WPA3 encryption.

A total of 12 vulnerabilities were discovered this time, and they were all attacked in different ways. Some vulnerabilities are to execute attacks based on fragmented caches, and some are to use protected network fragments to accept blank text data frames, etc.

The researcher says: “Three of the discovered vulnerabilities are design flaws in the Wi-Fi standard and therefore affect most devices. On top of this, several other vulnerabilities were discovered that are caused by widespread programming mistakes in Wi-Fi products. Experiments indicate that every Wi-Fi product is affected by at least one vulnerability and that most products are affected by several vulnerabilities.”

Because these vulnerabilities are implemented based on the working principle of WiFi, even the first-generation WiFi devices launched in 1997 will be affected. Fortunately, some manufacturers have already launched security fixes and updates for these vulnerabilities, such as Microsoft, Intel, Netgear, and Samsung.