Sign In

Communications of the ACM

ACM TechNews

Vulnerabilities in Billions of Wi-Fi Devices Let Hackers Bypass Firewalls

View as: Print Mobile App Share:
A FragAttack logo.

Researcher Mathy Vanhoef has identified a dozen vulnerabilities, either in the Wi-Fi specification or in the way the specification has been implemented in huge numbers of devices.


Security researcher Mathy Vanhoef found 12 fragmentation vulnerabilities and aggregation attack (FragAttack) exploits in Wi-Fi systems that leave billions of devices potentially vulnerable.

FragAttacks let hackers within radio range inject frames into networks shielded by Wi-Fi Protected Access-based encryption; although FragAttacks cannot be used to read passwords or other sensitive data, they can cause other kinds of damage when coupled with other exploits.

One particularly severe FragAttack is a flaw in the Wi-Fi specification itself, which if exploited forces devices to use a rogue Domain Name System server, which can subsequently route users to malicious websites.

While the most effective way to mitigate the threat is to install all available updates that address the vulnerabilities on each vulnerable computer, router, or Internet-of-things device, it is likely many affected devices will never be patched.

From Ars Technica
View Full Article


Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA


No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account