IT researcher finds widespread flaws in Wi-Fi security

Hackers could exploit vulnerabilities in millions of devices

A person touching a spartphone screen with a Wi-Fi signal logo floating above it

A cyber security researcher known for finding vulnerabilities in Wi-Fi security has discovered new flaws embedded in millions of Wi-Fi devices over the past two decades.

Hackers could theoretically use these vulnerabilities to steal data or take over smart home devices equipped with Wi-Fi. However, experts believe the actual risk for most Wi-Fi users is relatively small.

Belgian Mathy Vanhoef found the security flaws and calls them “frag attacks.” 

Vanhoef is well-known in IT security circles for discovering a major Wi-Fi security flaw he named KRACK, short for Key Reinstallation Attack. KRACK allowed hackers to steal data, including login credentials, private chats, and credit card information, transmitted over Wi-Fi networks.

In contrast, there’s no evidence hackers are carrying out “frag attacks” at this point.

The new security flaws that Vanhoef found are even present in WPA3, also known as Wi-Fi Protected Access 3, the most updated Wi-Fi security protocol. The Wi-Fi Alliance rolled out the WPA3 certification in 2018 to protect a wider range of devices from security risks. 

“Even the original Wi-Fi security protocol, called WEP, is affected. This means several of the newly discovered design flaws have been part of Wi-Fi since its release in 1997,” the researcher wrote when detailing frag attacks.

Related Resource

X-Force threat intelligence index

Understand the threat landscape with fresh intelligence

X Force threat intelligence indexDownload now

“An adversary that is within radio range of a victim can abuse these vulnerabilities to steal user information or attack devices,” Vanhoef wrote. “Three of the discovered vulnerabilities are design flaws in the Wi-Fi standard and therefore affect most devices.”

The researcher also posted a video demonstrating how the attacks work.

Fortunately, the risk is minimal for ordinary, everyday Wi-Fi users. As an additional security measure, experts advise using VPNs on public Wi-Fi hotspots and using HTTPS websites when possible.

Like with his previous “KRACK attacks” discovery, Vanhoef informed the Wi-Fi Alliance of his discovery of “frag attacks.” According to the Industry Consortium for Advancement of Security on the Internet (ICASI), Wi-Fi device manufacturers are developing fixes. 

“We would like to thank Mathy Vanhoef... for identifying these issues, reporting them to industry and participating in the coordinated disclosure of these issues,” ICASI said.

Featured Resources

How to choose an AI vendor

Five key things to look for in an AI vendor

Download now

The UK 2020 Databerg report

Cloud adoption trends in the UK and recommendations for cloud migration

Download now

2021 state of email security report: Ransomware on the rise

Securing the enterprise in the COVID world

Download now

The impact of AWS in the UK

How AWS is powering Britain's fastest-growing companies

Download now

Recommended

ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021
CISOs aren’t leading by example when it comes to cyber security
cyber security

CISOs aren’t leading by example when it comes to cyber security

24 May 2021
New report highlights the need for diversity in cyber security recruitment
cyber security

New report highlights the need for diversity in cyber security recruitment

28 Apr 2021
Putin open to handing cyber criminals over to US
hacking

Putin open to handing cyber criminals over to US

14 Jun 2021

Most Popular

Ten-year-old iOS 4 recreated as an iPhone app
iOS

Ten-year-old iOS 4 recreated as an iPhone app

10 Jun 2021
Fastly blames software bug for major outage
public cloud

Fastly blames software bug for major outage

9 Jun 2021
GitHub to prohibit code that’s used in active attacks
cyber security

GitHub to prohibit code that’s used in active attacks

7 Jun 2021