Security News > 2021 > May > ‘FragAttacks’: Wi-Fi Bugs Affect Millions of Devices
Some bugs date back to 1997, meaning that computers, smartphones or other smart devices as old as 24 years may be vulnerable to attackers in Wi-Fi range.
The video below demonstrates three ways attackers can exploit the latest vulnerabilities: By intercepting victims' authentication credentials; abusing insecure internet-of-things devices by remotely flipping a smart power socket on and off; and by serving as a foothold to launch advanced attacks, particularly by hijacking an outdated Windows 7 machine inside a local network.
Yaniv Bar-Dayan, CEO and co-founder at the vulnerability management provider Vulcan Cyber, agrees that an attack is unlikely, though we should take frag attacks against Wi-Fi devices quite seriously - they can, after all, be exploited to steal user data or attack devices.
The company said that "Devices using encryption schemes from WEP up to WPA3 are affected industry wide," though an attacker would again need to either "Have a device under their control already on the target network or to be in proximity of the Wi-Fi network and trick a user on the network to visit the attacker's server." The company says it's working with vendors and manufacturers to get patches out and into customers' devices "As soon as possible."
Besides basic security protections - don't click on unexpected emails or visit fishy websites - Linksys also recommends periodically checking that there are no unfamiliar devices connected to your network.
Using a VPN can prevent attacks where an adversary is trying to exfiltrate data, but it won't prevent an attacker from bypassing your router's NAT/firewall to directly attack devices.
News URL
https://threatpost.com/fragattacks-wifi-bugs-millions-devices/166080/