Communications of the ACM
Vulnerabilities in Billions of Wi-Fi Devices Let Hackers Bypass Firewalls
Researcher Mathy Vanhoef has identified a dozen vulnerabilities, either in the Wi-Fi specification or in the way the specification has been implemented in huge numbers of devices.
Credit: malwarebytes.com
Security researcher Mathy Vanhoef found 12 fragmentation vulnerabilities and aggregation attack (FragAttack) exploits in Wi-Fi systems that leave billions of devices potentially vulnerable.
FragAttacks let hackers within radio range inject frames into networks shielded by Wi-Fi Protected Access-based encryption; although FragAttacks cannot be used to read passwords or other sensitive data, they can cause other kinds of damage when coupled with other exploits.
One particularly severe FragAttack is a flaw in the Wi-Fi specification itself, which if exploited forces devices to use a rogue Domain Name System server, which can subsequently route users to malicious websites.
While the most effective way to mitigate the threat is to install all available updates that address the vulnerabilities on each vulnerable computer, router, or Internet-of-things device, it is likely many affected devices will never be patched.
From Ars Technica
View Full Article
Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA
No entries found