By B.N. Frank
Privacy and security experts continue to warn about vulnerabilities with ALL wireless-connected devices and technology (see 1, 2, 3, 4, 5, 6, 7) including 5G (see 1, 2, 3) and Internet of Things (IoT) (see 1, 2, 3, 4)
Safer and more secure internet access can be achieved with a hard-wired internet connection (see 1, 2, 3, 4, 5, 6). Those who choose to use Wi-Fi anyway are putting their privacy, safety, and health at risk as well as their families’. A university researcher recently made public a flaw that’s existed since 1997.
Decades-Old Flaws Affect Almost Every Wi-Fi Device
A set of vulnerabilities in how Wi-Fi is designed and used in practice expose virtually every Wi-Fi-enabled device to some form of attack. A handful of those flaws have been around since the original Wi-Fi standard debuted in 1997.
The findings, publicly disclosed this week by New York University Abu Dhabi researcher Mathy Vanhoef, show that an attacker within Wi-Fi range of a target network could potentially exfiltrate data from a victim and compromise their devices. But while the sheer scale and scope of the exposure is staggering, many of the attacks would be difficult to carry out in practice, and not all Wi-Fi devices are affected by all of the flaws.
Vanhoef collectively calls the findings “Frag Attack,” short for “fragmentation and aggregation attacks,” because the flaws largely relate to subtle issues in how Wi-Fi chops up and reorders data in transit to move information as quickly as possible, then puts that data back together on the other end.
“The fragmentation functionality is normally used to improve the performance of your Wi-Fi network if there’s a lot of background noise,” Vanhoef says. The goal is to split data up into more manageable fragments for transmission that can be efficiently reassembled when they’re received. But Vanhoef discovered security weaknesses in the process. “You can cause a receiver to reassemble two fragments that belong to different packets or even store malicious data and combine it with legitimate information,” he says. “Under the right conditions this can be used to exfiltrate data.”
Vanhoef also found a vulnerability that could allow an attacker to inject malformed data and become a “man in the middle” on a network, studying data that passes through to steal information or even take control of other connected devices that have additional vulnerabilities. They would need no special privileges to pull off the hack.
Activist Post reports regularly about unsafe technology. For more information visit our archives and the following websites:
Provide, Protect and Profit from what’s coming! Get a free issue of Counter Markets today.