“Frag Attack” flaws threaten Wi-Fi, but not so seriously

Almost all Wi-Fi is potentially vulnerable to flaws dating back to 1997 on the market, but even those who discover the weaknesses say some of them are difficult to exploit.

Mathy Vanhoef, a postdoc in NYU Abu Dhabi, has created attacks that exploit vulnerabilities (FragAttacks), but in academic papers on them, the most widespread vulnerabilities can only be exploited under certain rare conditions. It states that there is. Success requires user interaction or a very unusual configuration.

Other vulnerabilities (what vendors call programming mistakes in Wi-Fi products) are easily exploited.

According to Vanhoef’s website on FragAttacks, his exploits could allow an attacker within wireless range to steal user information or attack devices on the user network. Defects fall into two categories. It’s in the Wi-Fi standard itself, and therefore affects most devices, and is caused by widespread programming mistakes in the implementation of individual Wi-Fi products.

Of the major Wi-Fi vendors, only Aruba / HPE and Huawei have publicly approved disclosure of Frag Attack flaws. Aruba has released a statement that the access point contains a flaw, but prior to this week’s disclosure, it updated the software and provided documentation detailing the patched AP.

Huawei said it had “started an immediate investigation” and promised to keep it up to date as more information was shared. Cisco and Ubiquiti refused to provide public comments as of Friday afternoon.

Copyright © 2021 IDG Communications, Inc.

“Frag Attack” flaws threaten Wi-Fi, but not so seriously

Source link “Frag Attack” flaws threaten Wi-Fi, but not so seriously

Related Articles

Back to top button