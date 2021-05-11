The Wi-Fi standard, although it has evolved in recent years, continues to be based on technology created decades ago. Now a Belgian researcher has discovered a number of eerrors that compromise the standard and consequently hundreds of millions of devices who use it.

As explained in The Record, it is a series of errors discovered in the Wi-Fi technology itself. The investigation has been carried out by Mathy Vanhoef, a Belgian security expert. Attacks using these methods allow extract information from the victim’s device as well as run malware in the.

Vulnerabilities on virtually any Wi-Fi enabled device

‘Frag Attacks’ is the name given to the attacks carried out taking advantage of these newly discovered vulnerabilities. Three of them ensure that directly affect the Wi-Fi standard, which is why most of the world’s Wi-Fi devices are affected. It says some of the vulnerabilities date back to 1997. The other vulnerabilities are “due to bugs.”

The name of Frag Attacks refers to the fragments through which Wi-Fi operates. According to the researcher, the Wi-Fi standard “breaks” and then reassembles the network packets, which allows an attacker to take advantage to enter their own code in the process.

It is not the first time that Mathy Vanhoef has discovered errors in the Wi-Fi protocol. He previously encountered the KRACK and Dragonblood attacks. This time with Frag Attacks he has done the same as on previous occasions: contact the Wi-Fi Alliance for vulnerabilities to be corrected before being published.

During the last months the Wi-Fi Alliance and the electronic device manufacturers that comprise it have sent different firmware updates to fix these errors. Therefore, it is enough to check the latest updates of the router or devices such as mobiles and computers to find the identifiers related to these vulnerabilities:

CVE-2020-24588 CVE-2020-24587 CVE-2020-24586 CVE-2020-26145 CVE-2020-26144 CVE-2020-26140 CVE-2020-26143 CVE-2020-26139 CVE-2020-26146 CVE-2020-26147 CVE-2020-26142 CVE-2020-26141

In any case, as much as this affects the foundations of Wi-Fi as we know it, not so easy to get. Mathy Vanhoef indicated that the attacker must be close and make the attacks one by one and with intervention. In other words, it is not possible to launch massive and large-scale attacks. Likewise, it must be taken into account that many manufacturers have already patched these vulnerabilities so as not to be affected in the future.

Via | The Record