IT researcher finds widespread flaws in Wi-Fi security

Hackers could exploit vulnerabilities in millions of devices

A person touching a spartphone screen with a Wi-Fi signal logo floating above it

A cyber security researcher known for finding vulnerabilities in Wi-Fi security has discovered new flaws embedded in millions of Wi-Fi devices over the past two decades.

Hackers could theoretically use these vulnerabilities to steal data or take over smart home devices equipped with Wi-Fi. However, experts believe the actual risk for most Wi-Fi users is relatively small.

Belgian Mathy Vanhoef found the security flaws and calls them “frag attacks.” 

Vanhoef is well-known in IT security circles for discovering a major Wi-Fi security flaw he named KRACK, short for Key Reinstallation Attack. KRACK allowed hackers to steal data, including login credentials, private chats, and credit card information, transmitted over Wi-Fi networks.

In contrast, there’s no evidence hackers are carrying out “frag attacks” at this point.

The new security flaws that Vanhoef found are even present in WPA3, also known as Wi-Fi Protected Access 3, the most updated Wi-Fi security protocol. The Wi-Fi Alliance rolled out the WPA3 certification in 2018 to protect a wider range of devices from security risks. 

“Even the original Wi-Fi security protocol, called WEP, is affected. This means several of the newly discovered design flaws have been part of Wi-Fi since its release in 1997,” the researcher wrote when detailing frag attacks.

Related Resource

X-Force threat intelligence index

Understand the threat landscape with fresh intelligence

X Force threat intelligence indexDownload now

“An adversary that is within radio range of a victim can abuse these vulnerabilities to steal user information or attack devices,” Vanhoef wrote. “Three of the discovered vulnerabilities are design flaws in the Wi-Fi standard and therefore affect most devices.”

The researcher also posted a video demonstrating how the attacks work.

Fortunately, the risk is minimal for ordinary, everyday Wi-Fi users. As an additional security measure, experts advise using VPNs on public Wi-Fi hotspots and using HTTPS websites when possible.

Like with his previous “KRACK attacks” discovery, Vanhoef informed the Wi-Fi Alliance of his discovery of “frag attacks.” According to the Industry Consortium for Advancement of Security on the Internet (ICASI), Wi-Fi device manufacturers are developing fixes. 

“We would like to thank Mathy Vanhoef... for identifying these issues, reporting them to industry and participating in the coordinated disclosure of these issues,” ICASI said.

Featured Resources

The definitive guide to warehouse efficiency

Get your free guide to creating efficiencies in the warehouse

Free download

The total economic impact™ of Datto

Cost savings and business benefits of using Datto Integrated Solutions

Download now

Three-step guide to modern customer experience

Support the critical role CX plays in your business

Free download

Ransomware report

The global state of the channel

Download now

Recommended

Researchers disclose top flaws abused by ransomware gangs
ransomware

Researchers disclose top flaws abused by ransomware gangs

20 Sep 2021
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

17 Sep 2021
How do hackers choose their targets?
hacking

How do hackers choose their targets?

17 Sep 2021
Owner of DDoS for hire sites found guilty of hacking offences
distributed denial of service (DDOS)

Owner of DDoS for hire sites found guilty of hacking offences

17 Sep 2021

Most Popular

What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Google takes down map showing homes of 111,000 Guntrader customers
data breaches

Google takes down map showing homes of 111,000 Guntrader customers

2 Sep 2021
Intuit plans end-to-end SMB platform after $12 billion Mailchimp acquisition
mergers and acquisitions

Intuit plans end-to-end SMB platform after $12 billion Mailchimp acquisition

14 Sep 2021