Attackers have exploited the wifi vulnerability to perform data theft and spread malicious code that affects the device.
Belgian security researcher Mathy Vanhoef found 12 critical security flaws, which attackers exploited to perform a fragmentation and aggregation attack known as FragAttacks.
Among the errors raised, there are errors that stem from wifi standards dating back to 1997, the rest are common programming errors. Tests show that every wifi product today is affected by at least one vulnerability.
FragAttacks are said to be particularly dangerous because they can allow attackers to gather information about the owner of a Wi-Fi enabled device and run malicious code to compromise the device even with security protocols enabled. WEP or WPA. However, attackers are required to be within range of the device because the FragAttacks attack mechanism cannot be performed remotely.
This is not the first time Vanhoef found vulnerabilities in the wifi device, he previously discovered two vulnerabilities KRACK and Dragonblood. These two vulnerabilities were reported to the wifi Alliance, which then worked with wifi providers to update these bugs.
Microsoft released an update to patch 3 out of 12 security flaws in March 2021. Several major technology companies such as Cisco Systems, HPE/Aruba Networks, Juniper Networks or Sierra Wireless have published security updates and advice on FragAttacks.
To protect you from FragAttacks, the Wifi Alliance recommends that users of Wi-Fi enabled devices install the latest recommended updates from the device manufacturers. Doing this enables suspicious traffic to be detected or improves compliance with recommended security implementations.