Written by: Jay H.
On May 12, 2021, security researchers disclosed a new collection of security vulnerabilities that affect all Wi-Fi devices. These vulnerabilities, called FragAttacks, appear to impact every Wi-Fi device ever created. Here’s what you need to know about FragAttacks.
What Are FragAttacks?
FragAttacks stand for fragmentation and aggregation attacks. They are a collection of security vulnerabilities affecting Wi-Fi devices. Since three of the discovered vulnerabilities are design flaws with Wi-Fi itself, these vulnerabilities impact all Wi-Fi devices. Moreover, security researchers discovered several other vulnerabilities caused by widespread programming mistakes in Wi-Fi products.
Additionally, experiments found that at least one vulnerability impacts every Wi-Fi product, while several vulnerabilities affect most devices.
The Risk Of FragAttacks
Hackers can use FragAttacks to target Wi-Fi devices and steal user information or attack devices. For example, FragAttacks can steal data from a Wi-Fi network that should be encrypted and protected against such attacks. However, websites and applications that use HTTPS or other secure encryption are protected against these attacks.
The greatest area of concern is smart home and IoT devices. Since many cheap smart home and IoT devices do not receive regular updates, they are especially susceptible to FragAttacks. Even though these devices are on a trusted home network, FragAttacks provides a method to bypass the Wi-Fi network’s protection and directly attack the devices.
Although these security vulnerabilities appear to impact every Wi-Fi device, there is good news. First, an attacker must be within the radio range – in other words, the physical vicinity – of a victim to abuse these vulnerabilities. So, if you live in an apartment or densely-populated area, you may be at greater risk.
Also, these design flaws are difficult to exploit since doing so requires user interaction or uncommon network settings. Therefore, the biggest concern is the programming mistakes in Wi-Fi devices since they are easier to abuse.
Moreover, security researchers discovered these vulnerabilities nine months before the public disclosure this month. In this time, many companies released updates mitigating these vulnerabilities for their Wi-Fi devices.
Finally, researchers say that there is no evidence attackers are executing FragAttacks currently. Meaning, these vulnerabilities appear to be theoretical issues, but there may be an increase in risk due to the public disclosure. However, the disclosure of these vulnerabilities is extremely important so manufacturers can be proactive in issuing software patches.
How To Protect Yourself From FragAttacks
Luckily, there are steps you can take to keep your devices and networks safe from FragAttacks, including:
- Keep your devices current with security updates. You should monitor for and immediately apply all security patches and updates on all devices. So, if you are using Windows 7 or an older macOS, you need to upgrade. Also, ensure your IoT and smart home devices come from reputable manufacturers who regularly issue updates or swap them out if they do not.
- Use secure encryption. Never enter sensitive information, including usernames, passwords, and credit card information, into sites not encrypted with HTTPS. Furthermore, use secure encryption everywhere else possible through applications that provide encryption.
- Use a VPN. A VPN redirects your traffic through an encrypted connection, preventing FragAttacks.
Are you concerned about your organization’s network and device security? Need help with patch management across all of your devices? Our managed IT services can help your firm stay protected against the latest cybersecurity threats. Please contact us today if you would like to learn more.
Comments are closed.