According to 9to5mac, a Belgian security researcher named Matti Vanhoof, who specializes in discovering vulnerabilities in Wi-Fi security, recently found another security hole in this network. Apparently, this vulnerability known as “Frag attacks” (short for fragmentation and aggregation) is very widespread and threatens the security of millions of devices in the world.
According to Vonhoef, these security flaws may be used to steal sensitive data, control smart home devices and even control some computers. This researcher says about the performance of this type of attack, hackers intercept the user’s internet traffic by tricking her into using a malicious DNS server. In Vonhoof’s tests, two out of four home routers were vulnerable to the attack, along with several IoT devices and several smartphones.
Several other vulnerabilities are related to the process by which the Wi-Fi standard collapses and then reassembles network packets; During this operation, the hacker has the opportunity to access the user’s data by injecting his malicious code into the network.
Since this vulnerability model is a design flaw in the Wi-Fi standard, it affects most devices. In addition, several other vulnerabilities are caused by widespread errors in the programming of Wi-Fi products. VanHoof’s tests show that every Wi-Fi product is affected by at least one of these vulnerabilities, and most products are affected by multiple vulnerabilities.
The discovered vulnerabilities affect all modern Wi-Fi security protocols, including the latest WPA3 standard. Even the basic Wi-Fi security protocol known as WEP is vulnerable to these attacks. This means that several newly discovered design flaws have been part of Wi-Fi since 1997!
In a video, this researcher has shown how these three attack models work. In this video, you will first see how the flaw in the design of the aggregation system causes sensitive user information (such as username and password) to be intercepted. Then, you’ll see how hackers can take control of unsecured IoT devices by turning a smart power outlet on and off remotely.
The video finally shows how these vulnerabilities can be used for more advanced cyber attacks. For example, this video shows how a hacker can hack and control a device with an old Windows 7 operating system inside a local network.
The good news is that although these vulnerabilities are widespread, the risk of these attacks is actually very low; Because, firstly, the hacker must be close to the user, and secondly, he can use these vulnerabilities to attack only in certain circumstances, including the user’s interaction with the malicious code and the presence of unusual network settings.
But the suggested solution to protect against these attacks is to interact with websites on a secure HTTPS platform and change the IP when using public hotspots. To make sure you always interact with the HTTPS version of any website, you can install the HTTPS Everywhere extension on Firefox, Chrome, and Opera browsers; This plugin will always try to request the HTTPS version of any website if it is supported.
The recently discovered Wi-Fi vulnerability has been around since 1997
