Researcher uncovers Wi-Fi vulnerabilities that have existed since 1997

The security researcher who was behind the discovery of the Krack Wi-Fi vulnerability has identified many new flaws with the wireless protocol majority of us are using.

These vulnerabilities are related to how Wi-Fi handles large volumes of data, with some connected to the Wi-Fi standard alone, and some to how it’s implemented by manufacturers of tech devices.

The researcher, Mathy Vanhoef, has named the vulnerabilities “FragAttacks,” which is made from the combination of “fragmentation” and “aggregation.” He has revealed that the vulnerabilities could be taken advantage of by hackers, enabling them to access sensitive data, or showcase users’ fake sites, even when the network is secured with WPA2 or even WPA3. There is also a high chance for the hackers to exploit other devices that are connected to the home network.

Twelve attack vectors have been identified that fall under this category and they all work in many different ways. Vanhoef has provided all the vulnerability related information to the Wi-Fi Alliance so corrective measures could be taken before it is announced to the public.

Moreover, Vanhoef has stated that he’s not aware of any such instances of the vulnerabilities being taken advantage of in the wild. He also said that some of these vulnerabilities are not easy to exploit, however, others can be taken advantage of.

He added that some of the flaws can be taken advantage of on networks leveraging the WEP security protocol, which suggests that these flaws have been around since Wi-Fi was first introduced in 1997.

Vanhoef has revealed that these vulnerabilities can be found across many devices, which means updating these will require a lot of effort.

Updating Wi-Fi infrastructure can be challenging as some of these devices can be obsolete, which means the manufacturers are either no longer available or the technology is outdated and no patches are being released. As a user you must keep an eye on the manufacturer’s website to check if any updates have been released.