Frag attacks could fry all your Wi-Fi devices

News
By published

Even devices dating back to 1997 are vulnerable to FragAttacks

Wi-Fi
(Image credit: Chris Oakley / Flickr)

A new set of vulnerabilities have been discovered in the WiFi standard that affect WiFi-enabled devices dating all the way back to 1997.

In total there are 12 different vulnerabilities which have been dubbed FragAttacks (fragmentation and aggregation attacks) by Belgian academic and security researcher Mathy Vanhoef who first discovered them nine months ago. 

FragAttacks have the potential to be particularly dangerous as they could allow an attacker to gather information about the owner of a Wi-Fi-enabled device and run malicious code to compromise it even with Wi-Fi security protocols such as WEP and WPA enabled. Thankfully though, an attacker would have to be in range of a targeted device to exploit these vulnerabilities as they can not be exploited remotely.

Vanhoef provided further insight regarding the vulnerabilities he discovered on a new website dedicated to FragAttacks, saying:

“Three of the discovered vulnerabilities are design flaws in the Wi-Fi standard and therefore affect most devices. On top of this, several other vulnerabilities were discovered that are caused by widespread programming mistakes in Wi-Fi products. Experiments indicate that every Wi-Fi product is affected by at least one vulnerability and that most products are affected by several vulnerabilities.”

FragAttacks

Vanhoef is no stranger to finding vulnerabilities in the Wi-Fi standard as he previously discovered both the KRACK and Dragonblood vulnerabilities. 

Just as he did then, Vanhoef immediately reported his findings to the Wi-Fi Alliance which has been working for the past nine months to correct the Wi-Fi Standard while also helping device vendors release firmware patches to address these 12 vulnerabilities.

According to a statement from the Industry Consortium for Advancement of Security on the Internet (ICASI), so far Cisco Systems, HPE/Aruba Networks, Juniper Networks, Sierra Wireless and Microsoft have published security updates and advisories on FragAttacks.

In a security update, the Wi-Fi Alliance explained that no attacks exploiting these vulnerabilities have been observed in the wild, saying:

“There is no evidence of the vulnerabilities being used against Wi-Fi users maliciously, and these issues are mitigated through routine device updates that enable detection of suspect transmissions or improve adherence to recommended security implementation practices. Wi-Fi Alliance has taken immediate steps to ensure users can remain confident in the strong security protections provided by Wi-Fi.”

In order to protect yourself from FragAttacks, the Wi-Fi Alliance recommends that users of Wi-Fi-enabled devices install the “latest recommended updates from device manufactures”.

Via BleepingComputer

Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
cables going into the back of a broadband router on white background
Netgear urges users to patch major router security issues now
An image of network security icons for a network encircling a digital blue earth.
Industrial networks exposed to attack by faulty Moxa devices
A VPN runs on a mobile phone placed on a laptop keyboard
Major new online tunneling vulnerability could put millions of devices at risk
Bluetooth
Top Bluetooth chip security flaw could put a billion devices at risk worldwide
A VPN runs on a mobile phone placed on a laptop keyboard
SonicWall firewalls hit by worrying cyberattack
Best free Linux firewalls
Fortinet warns a critical vulnerability in its systems could let attackers breach company networks
Latest in Security
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Coinbase targeted after recent Github attacks
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
IBM office logo
IBM to provide platform for flagship cyber skills programme for girls
Latest in News
Zendesk Relate 2025
Zendesk Relate 2025 - everything you need to know as the event unfolds
Disney Plus logo with popcorn
You can finally tell Disney+ to stop bugging you about that terrible Marvel show you regret starting
Google Gemini AI
Gemini can now see your screen and judge your tabs
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Philips Hue
Philips Hue might be working on a video doorbell, and according to a new report, we just got our first look at it
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
More about security
An abstract image of digital security.

Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft

"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Ugreen \00d7 Genshin Impact Kinich Collectible Gift Box and exclusive Genshin Impact merchandise.

Ugreen reveals exclusive Genshin Impact collection and they're some of the most eye-catching charging products I've ever used
See more latest
Most Popular
Ugreen \00d7 Genshin Impact Kinich Collectible Gift Box and exclusive Genshin Impact merchandise.
Ugreen reveals exclusive Genshin Impact collection and they're some of the most eye-catching charging products I've ever used
Zendesk Relate 2025
Zendesk Relate 2025 - everything you need to know as the event unfolds
Google Gemini AI
Gemini can now see your screen and judge your tabs
iFi iDSD Valkyrie in gold, on a beige desk
iFi's iDSD Valkyrie DAC wants to guide your music to the great hall of Valhalla
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
A fresh Samsung Galaxy S25 Edge leak hints at a 2K display and a titanium frame
Philips Hue
Philips Hue might be working on a video doorbell, and according to a new report, we just got our first look at it
SDUNITED AX835-025FF mini PC
This mini PC with the incredible Strix Halo APU is yet another sign AMD may have given up on big brands for bleeding edge tech
Disney Plus logo with popcorn
You can finally tell Disney+ to stop bugging you about that terrible Marvel show you regret starting
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Hatch Restore 3 in Putty
You can finally start your day with The Office theme song, and I couldn't be more excited