Security researcher Mathy Vanhoef found 12 fragmentation vulnerabilities and aggregation attack (FragAttack) exploits in Wi-Fi systems that leave billions of devices potentially vulnerable.
FragAttacks let hackers within radio range inject frames into networks shielded by Wi-Fi Protected Access-based encryption; although FragAttacks cannot be used to read passwords or other sensitive data, they can cause other kinds of damage when coupled with other exploits.
One particularly severe FragAttack is a flaw in the Wi-Fi specification itself, which if exploited forces devices to use a rogue Domain Name System server, which can subsequently route users to malicious websites.
While the most effective way to mitigate the threat is to install all available updates that address the vulnerabilities on each vulnerable computer, router, or Internet-of-things device, it is likely many affected devices will never be patched.
From Ars Technica
View Full Article
Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA
No entries found