The recently discovered Wi-Fi security vulnerabilities known as FragAttacks affect all Wi-Fi devices (including computers, smartphones and smart devices) going back to 1997.
Three of these bugs are design flaws in the Wi-Fi 802.11 standard's frame aggregation and frame fragmentation functions that affect most devices, while the others are programming errors in Wi-Fi products.
"Experiments show that every Wi-Fi product is affected by at least one vulnerability, and that most products are affected by many vulnerabilities," said security researcher Mathy Vanhoef (New York University Abu Dhabi), who discovered the FragAttacks bugs.
"The vulnerabilities discovered affect all modern Wi-Fi security protocols, including the latest WPA3 specification. Even the original Wi-Fi security protocol, called WEP, is affected."
"This means that many of the recently discovered design flaws have been part of Wi-Fi since its release in 1997!" Vanhoef added.
Attackers who abuse these design and implementation flaws must be within range of targeted Wi-Fi devices to steal sensitive user data and execute malicious code after a successful exploit, possibly leading to a full takeover of devices.
Fortunately, as Vanhoef found, "design flaws are hard to misunderstand because they require user interaction or are only possible when using unusual network settings."
However, the programming bugs behind some of the FragAttacks vulnerabilities are trivial to exploit and would allow attackers to abuse unpatched Wi-Fi products with ease.
The CVEs assigned to the FragAttacks Wi-Fi design flaws are:
The Wi-Fi implementation vulnerabilities were assigned the following CVEs:
Other implementation flaws discovered by Vanhoef are:
Security updates have already been released by some vendors
The Industry Consortium for Advancement of Security on the Internet (ICASI) says vendors are developing patches for their products to mitigate the FragAttacks bugs.
Cisco Systems, HPE / Aruba Networks, Juniper Networks, Sierra Wireless, and Microsoft have already released security updates and advisories for FragAttacks.
Source of information: bleepingcomputer.com