A researcher discovered wi-fi vulnerabilities that no one had ever noticed
The most commonly used protocol to connect to the internet had 12 vulnerabilities that a malicious hacker could exploit. Now thanks to Mathy Vanhoef the design and programming errors have been identified and patched
(photo: Getty Images) The wi-fi protocol used by everyone to connect to the internet has a series of flaws and vulnerabilities that have always been present and that until now no one had ever noticed, until today.I found some design and implementation flaws in Wi-Fi again. All Wi-Fi devices are affected. It was a long ~ 9 months embargo, over this time a lot of info has been collected and that info now available at https://t.co/nAQtK9XY0R
- Mathy Vanhoef (@vanhoefm) May 11, 2021
The discovery was made by security researcher Mathy Vanhoef (who had already discovered the widespread attack called Krack Wi-Fi in 2017). Vanhoef collected the 12 wi-fi vulnerabilities in a report called FrAgAttack (fragmentation and aggregation attacks). According to Vanhoef, an attacker who is within range of a victim's wi-fi could abuse these vulnerabilities to steal user information or attack their devices.
Three of the vulnerabilities discovered are flaws in design of the standard adopted in modern Wi-Fi security protocols, including the latest Wpa3 specification, and for this reason they affect most devices. The other vulnerabilities are caused by programming errors.
The experiments conducted by the researcher have shown that every wi-fi product is affected by at least one of the 12 identified vulnerabilities, and that most of these products even have them more than one.
The weaknesses discovered have revealed as many potential attack vectors that could be exploited to hack a device through, for example, the exploitation of routers that accept plain text during the handshake or those that store the cached data in certain types of networks.
"The discovery of these vulnerabilities is a surprise, because the security of wi-fi has actually improved significantly in recent years", writes Mathy Vanhoef on the dedicated blogpost to the discovery. "Unfortunately, a feature that could have prevented one of the newly discovered design flaws has not been adopted into practice, and the other two design flaws are present in a wi-fi feature that had not previously been extensively studied," he continues. the researcher, highlighting how important it is to analyze the safety protocols of even the most well-known products, those that everyone believes to be extensively tested and controlled.
The discovery was made 9 months ago and all this time it has been kept under embargoed to allow companies to provide security updates that patched these defects, which many vendors have already released.
Web - 15 minutes ago
Biden signed an executive order to avert new cybersicur disasters ezza
adsJSCode ("nativeADV1", [[2,1]], "true", "1", "native", "read-more", "1"); Business - 5 hours ago
Europe risks being left out of the big game of underwater internet networks
adsJSCode ("nativeADV2", [[2,1]], "true", " 2 "," native "," read-more "," 2 "); Consumi - 22 hours ago
Fastweb bets on a modem designed for the smart home
Topics
Cybersecurity Internet globalData.fldTopic = "Cybersecurity, Internet"
You may be interested also
This opera is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.