Update Windows (and Lots of Other Stuff) ASAP: 'FragAttack' Bugs Found Lurking in Millions of Wifi Devices


A slew of new wifi vulnerabilities impact everything from cellphones and routers to, well, anything wifi-connected, according to a new report by a Belgian cybersecurity expert.


Mathy Vanhoef—who you might know for co-discovering the widespread wifi KRACK attack back in 2017—dubbed this new collection of vulnerabilities “fragmentation and aggregation attacks,” or FragAttacks for short. In a nutshell, these are a collection of 12 different vulnerabilities that could potentially leak user information or attack a given device, if probed by a bad actor within wifi range.

Per Vanhoef’s explanation on the dedicated FragAttacks site he set up, nine of these flaws stem from programming hiccups in specific wifi products, and the other three are due to baked-in bugs in the wifi standard itself—even the security protocol some wifi networks use, called WEP, is impacted.

The good news here is that these particular flaws are pretty hard to probe, since doing so either requires actual “user interaction” or is only possible when using an obscure network setting, Vanhoef wrote.

The other good news is that manufacturers are already patching their products against future FragAttacks, just in case. Yesterday, for example, Microsoft issued three separate updates to address three of the more common vulnerabilities and applied these patches to Windows 10, Windows 8.1, and Windows 7. If any of those are your OS of choice, you should update those devices ASAP. Netgear, meanwhile, has put up an advisory page about these attacks, saying that the company has already pushed out a few patches for some of its products, with more on the way.

Even if your devices aren’t patched yet, Vanhoef recommended some basic cybersecurity tips to keep yourself safe from any fraggers hiding in the shadows: use a strong, unique Wi-Fi password, and make sure you’re connecting to websites using the HTTPS encryption protocol whenever possible.

Read more details about wifi FragAttacks on Vanhoef’s website.


I cover the business of data for Gizmodo. Send your worst tips to swodinsky@gizmodo.com.

DISCUSSION

sergioar
Unspiek, Baron Bodissey wants to speak to the manager

Per Vanhoef’s explanation on the dedicated FragAttacks site he set up, nine of these flaws stem from programming hiccups in specific wifi products, and the other three are due to baked-in bugs in the wifi standard itself—even the security protocol some wifi networks use, called WEP, is impacted. (emphasis mine).

Am I reading this right? WEP was deprecated long ago in favor of WPA (and now WPA2) or better wireless security. Cracking WEP was trivial almost from the start: given a good choice of a target you could crack a WEP password in as little as five minutes, so I’m not sure why cracking WEP is news at all. With a suitable hacking Linux distro I cracked my own network in five minutes and after reading about 35K packets *on an old Pentium 4 laptop*.

And IIRC various kinds of fragmentation attacks were on the menu of the hacking distribution I used, which, again IIRC, was Kali Linux, so I don’t see anything new in here or why this is actual.