More and more devices that we have connected to Wi-Fi. The use of wireless networks has increased notably in recent years and that is thanks to the improvement in speed and stability. However, sometimes failures may arise that affect security. This is what has happened with FragAttacks , a series of vulnerabilities that affects all devices that have Wi-Fi. We are going to explain what it consists of.
Any computer with Wi-Fi is vulnerable to FragAttacks
A group of security researchers has discovered some vulnerabilities that they have named FragAttacks. At least one of these flaws affects any computer that has Wi-Fi connectivity, a problem that can undoubtedly put many users at risk.
Mathy Vanhoef is behind this discovery. It is now 9 months since you saw these issues and so far it has not been made public once the patches are available. Some of the vulnerabilities have been around since no less than 1997.
Of course, it must be borne in mind that most attacks are very difficult to carry out. They will also require user interaction, making it very difficult for a potential hacker to take advantage of these flaws and deploy their threats. However, we must always correct them.
Some of the discovered vulnerabilities allow an attacker to inject code in plain text. It could be exploited by an attacker to create a hole in the firewall and control a vulnerable Windows 7 computer.
But without a doubt the biggest risk, as Mathy Vanhoef indicates, is that they can be used to attack computers from what is known as the Internet of Things. We have more and more IoT devices in homes and this could be the gateway for cybercriminals.
Especially we must bear in mind that the smart devices that we have connected to the Internet are rarely updated. They do not usually receive patches or users do not usually install them. They trust that it is not necessary as long as it works well for them.
We can see a video of Mathy Vanhoef’s demonstration of how he can exploit, with three examples, these vulnerabilities.
The vulnerabilities, which are 12 in total, have CVSS scores between 4.8 and 6.5 . We already know that there are different methods of stealing Wi-Fi.
Updates to fix FragAttacks
Luckily updates are available to correct these vulnerabilities that affect Wi-Fi enabled devices. These updates have been prepared during the last months, with the supervision of the Wi-Fi Alliance and ICASI. Windows has already released patches, just as Linux is slowly shipping the updates.
However, some of these failures affect many more devices , as we have mentioned. Some computers may take longer to receive updates or may not even receive them. In this case we can mitigate most of the attacks by ensuring that the web pages use HTTPS. In this way we prevent the information that we send and receive from leaking. Also, we can manually configure the DNS server to avoid part of the attacks.
We can see all the information on the website where Mathy Vanhoef collects all the data. From this article we recommend keeping our equipment updated, regardless of the type of device or the operating system we are using.