Critical WiFi vulnerability Frag attacks to impact millions of devices


By MYBRANDBOOK


Critical WiFi vulnerability Frag attacks to impact millions of devices

Belgian security researcher specializing in Wi-Fi bugs has unearthed a clutch of new ones, which he called FragAttacks, that affect the Wi-Fi standard itself. The name is short for “fragmentation and aggregation attacks.”

 

Mathy Vanhoef, the Belgian security researcher who discovered the FragAttacks, said in a post that three of the vulnerabilities are design flaws in the Wi-Fi standard and therefore “affect most devices.” Several other vulnerabilities are caused by “widespread programming mistakes,” he said, with experiments indicating that “every Wi-Fi product is affected by at least one vulnerability,” with most affected by several.

 

Vanhoef knows his Wi-Fi protocols and how to shred them: He previously discovered the KRACK attack, a devastating weakness in the WPA2 protocol that allows attackers to decrypt encrypted traffic, steal data and inject malicious code, depending on the network configuration. He also found the RC4 NOMORE attack, which helped drive nails into the coffin of the RC4 encryption algorithm, as well as the Dragonblood attack against WPA3 Wi-Fi networks that would allow attackers to steal passwords.

 

Using a VPN can prevent attacks where an adversary is trying to exfiltrate data, but it won’t prevent an attacker from bypassing your router’s NAT/firewall to directly attack devices.

 

Vanhoef passed along these general security best practices:

 

· Update your devices, including IoT/smart devices, which don’t all receive regular updates

· Don’t reuse your passwords

· Back up important data

· Keep off of dicey websites

· Double-check that websites you visit use HTTPS, or better yet, install the HTTPS Everywhere plugin, which forces HTTPS usages on websites that are known to support it

· Manually configure your DNS server to prevent poisoning.

 E-Magazine 
 VIDEOS  Placeholder image

Copyright www.mybrandbook.co.in @1999-2024 - All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of Kalinga Digital Media Pvt. Ltd. is prohibited.
Other Initiatives : www.varindia.com | www.spoindia.org