At a time when Android OEMs are still in the process of rolling out patches to fix the Qualcomm modem vulnerability, Belgian security researcher Mathy Vanhoef has discovered 12 different vulnerabilities that impact most Wi-Fi-enabled devices. Vanhoef calls the collection of vulnerabilities “FragAttacks,” and he claims that attackers can exploit them to access your data.
Vanhoef has set up a new FragAttacks website explaining the new Wi-Fi vulnerabilities (via Gizmodo), which states that nine of the twelve flaws stem from programming errors in specific Wi-Fi devices, and the other three are a result of bugs in the Wi-Fi standard itself. “Fortunately, the design flaws are hard to abuse because doing so requires user interaction or is only possible when using uncommon network settings. As a result, in practice the biggest concern are the programming mistakes in the Wi-Fi products since several of them are trivial to exploit,” the website states.
Vanhoef has also shared a video demonstrating how an attacker can abuse the vulnerabilities. If you’re interested in the technical details, you can watch the video embedded below or head over to the FragAttacks site.
It’s worth noting that the Wi-Fi Alliance and device vendors are already aware of the new vulnerabilities, and a few have started rolling out patches for some of their products. A report from The Verge reveals that Microsoft, Eero, Aruba, Cisco, Ruckus, Intel, Juniper, Lancom, Lenovo, Linux Wireless, Mist, Netgear, Samsung, Synology, and Zyxel have released patches for some of their products. If your device hasn’t received a patch so far, Vanhoef recommends taking the usual precautions: “update your devices, don’t reuse your passwords, make sure you have backups of important data, don’t visit shady websites, and so on.”