acm-header
Sign In

Communications of the ACM

Home/News/Vulnerabilities in Billions of Wi-Fi Devices Let Hackers.../Full Text
ACM TechNews

Vulnerabilities in Billions of Wi-Fi Devices Let Hackers Bypass Firewalls

By Ars Technica
May 24, 2021
Comments
View as: Print Mobile App Share:
A FragAttack logo.

Researcher Mathy Vanhoef has identified a dozen vulnerabilities, either in the Wi-Fi specification or in the way the specification has been implemented in huge numbers of devices.

Credit: malwarebytes.com

Security researcher Mathy Vanhoef found 12 fragmentation vulnerabilities and aggregation attack (FragAttack) exploits in Wi-Fi systems that leave billions of devices potentially vulnerable.

FragAttacks let hackers within radio range inject frames into networks shielded by Wi-Fi Protected Access-based encryption; although FragAttacks cannot be used to read passwords or other sensitive data, they can cause other kinds of damage when coupled with other exploits.

One particularly severe FragAttack is a flaw in the Wi-Fi specification itself, which if exploited forces devices to use a rogue Domain Name System server, which can subsequently route users to malicious websites.

While the most effective way to mitigate the threat is to install all available updates that address the vulnerabilities on each vulnerable computer, router, or Internet-of-things device, it is likely many affected devices will never be patched.

From Ars Technica
View Full Article

 

Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA

 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account