Researcher finds dangerous flaws in Wi-Fi devices going back to 1997: Here's why you need to update immediately
Users who are concerned about their security should immediately update affected Wi-Fi enabled devices to the latest version – while keeping an eye out for router firmware updates via the manufacturer’s website.
A Belgian security researcher recently discovered a vulnerability in the Wi-Fi standard that is relied on by billions of wireless devices – allowing hackers to perform dangerous “Frag Attacks” on new devices that feature the latest security features, as well as older ones dating all the way back to 1997.
The dozen-odd flaws were discovered by security researcher Mathy Vanhoef, the researcher who was credited with discovering the infamous Wi-Fi Key Reinstallation Attack (or KRACK Attack) in 2017. According to VanHoef, the FragAttack flaws could affect every device from those with WPA3 security enabled to the old (and insecure) WEP security standard.
The researcher published the findings on his blog, stating that he had studied a total of 75 devices in all. These covered operating systems like Windows, macOS, Linux, Android and iOS, along with various network cards. He found that every single system was affected by the vulnerabilities, and they could be used to attack devices on a home network such as smart home and Internet of Things (IoT) devices, as they are rarely updated.
There is some good news, though. Most of the flaws discovered by Vanhoef required physical interaction or being close to the Wi-Fi access point, which means that many users will likely not be affected by the flaws. Meanwhile, Microsoft Windows systems should already be patched as the company pushed out updates containing relevant fixes in March. If you run a Linux-kernel based operating system, you may want to install upcoming kernel updates to be safe from the vulnerabilities.
Users who are concerned about their security should immediately update affected Wi-Fi enabled devices to the latest version – while keeping an eye out for router firmware updates via the manufacturer’s website as these devices are usually the last to receive updates. Users can also set their DNS manually to a provider (like Cloudflare or NextDNS) and disable “fragmentation”, “pairwise rekeys” and turning off “dynamic fragmentation” on modern Wi-Fi devices, according to Vanhoef.