Just days after we heard about the Qualcomm vulnerability that could let hackers listen to your calls, a security researcher has brought to light several Wi-Fi vulnerabilities, some of which even relate to the Wi-Fi standard itself. The new findings affect not just your phones, tablets, and laptops but just about any device that uses the technology that wirelessly connects to the internet.
Belgian security researcher Mathy Vanhoef calls this new set of vulnerabilities "FragAttacks," — a portmanteau of fragmentation and aggregation attacks. If exploited, they could allow an attacker to steal information over protected networks, inject data packets into data streams, or even cause DoS (denial of service) attacks. While some flaws in the set are hard to abuse, some others are "trivial to exploit."
Vanhoef shows how a vulnerability could be used to extract sensitive login information.
Before disclosing this information to the public, Vanhoef worked with the Wi-Fi Alliance to address the flaws. As a result, a lot of companies including Samsung, Microsoft, Cisco, Intel, Netgear, Synology, and Lenovo, have already released patches for some of their products. Unfortunately, since some flaws have been around since 1997, updating all affected devices isn't going to be a very seamless process — some companies may not even exist anymore.
To minimize your chances of being a victim of an attack, Vanhoef recommends you follow general security practices: update your devices, don't reuse your passwords, make sure you have backups of important data, and don't visit shady websites.
If you want to dive deeper into the issue, head over to Vanhoef's blog for technical information.