Security researcher Mathy Vanhoef has disclosed a set of WiFi flaws known as "FragAttacks" (fragmentation and aggregation attacks) that he says affect every WiFi device.
Vanhoef, who is known for finding WiFi security vulnerabilities, wrote on his blog that these vulnerabilities date back to 1997. Although he says they’re hard to abuse, they could in theory be used by an attacker within radio range to steal information.
"An adversary that is within radio range of a victim can abuse these vulnerabilities to steal user information or attack devices," Vanhoef said. "Experiments indicate that every Wi-Fi product is affected by at least one vulnerability and that most products are affected by several vulnerabilities."
The design flaws in the standard itself are difficult for attackers to take advantage of because they require user interaction or uncommon network settings; the implementation bugs found in individual products, such as accepting unencrypted frames, are easier to exploit.
Plaintext injection vulnerabilities
Vanhoef said several of the flaws he discovered were related to the ability to inject plaintext frames into a protected WiFi network, and to certain devices that accept "plaintext aggregated frames that look like handshake messages."
In explaining how it works, Vanhoef said an attacker could inject such frames to trick the victim into using a malicious DNS server, and then intercept the victim's traffic by answering its DNS queries. He found through his own experimentation that two out of four tested home routers were affected by this vulnerability, along with several internet-of-things devices and some smartphones.
"The biggest risk in practice is likely the ability to abuse the discovered flaws to attack devices in someone's home network," he wrote. "For instance, many smart home and internet-of-things devices are rarely updated, and Wi-Fi security is the last line of defense that prevents someone from attacking these devices. Unfortunately ... this last line of defense can now be bypassed."
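The two frame shapes this section describes, an unprotected data frame carrying the A-MSDU (aggregation) flag and an unprotected fragment on a network that is supposed to be encrypted, can be spotted from the 802.11 MAC header alone. The following is an added example, not code from the article or from Vanhoef's research tooling: a minimal header parser and a detector that flags those shapes while letting legitimate plaintext handshake (EAPOL) frames through. It assumes raw 802.11 frames as captured from a monitor-mode interface with the radiotap header already stripped; all sample frames and addresses are constructed by hand for the example.

```python
"""Detect plaintext A-MSDU and fragment frames on a protected Wi-Fi network.

Added example, not part of the original article or of Vanhoef's tools.
Input is assumed to be raw 802.11 frames (radiotap header already removed);
every sample frame below is constructed for this example.
"""
import struct
from typing import Dict, List, Optional

# Frame Control: low byte holds version/type/subtype, high byte holds the flags.
TYPE_DATA = 2
FLAG_TO_DS = 0x01
FLAG_FROM_DS = 0x02
FLAG_MORE_FRAG = 0x04
FLAG_PROTECTED = 0x40
QOS_AMSDU_PRESENT = 0x80   # bit 7 of the QoS Control field


def parse_mac_header(frame: bytes) -> Dict[str, object]:
    """Decode the 802.11 MAC header fields needed for the checks below.

    HT Control (present in QoS frames with the Order flag set) is not parsed;
    every field this detector needs precedes it.
    """
    if len(frame) < 24:
        raise ValueError("frame too short for an 802.11 MAC header")
    fc_lo, flags, _duration = struct.unpack_from("<BBH", frame, 0)
    ftype = (fc_lo >> 2) & 0x3
    subtype = (fc_lo >> 4) & 0xF
    seq_ctrl, = struct.unpack_from("<H", frame, 22)
    offset = 24
    if flags & FLAG_TO_DS and flags & FLAG_FROM_DS:
        offset += 6                                   # Address 4 present
    is_qos = ftype == TYPE_DATA and bool(subtype & 0x8)
    amsdu = False
    if is_qos:
        if len(frame) < offset + 2:
            raise ValueError("QoS frame truncated before QoS Control")
        qos_ctrl, = struct.unpack_from("<H", frame, offset)
        amsdu = bool(qos_ctrl & QOS_AMSDU_PRESENT)
        offset += 2
    return {
        "type": ftype,
        "subtype": subtype,
        "qos": is_qos,
        "protected": bool(flags & FLAG_PROTECTED),
        "more_frag": bool(flags & FLAG_MORE_FRAG),
        "frag_num": seq_ctrl & 0xF,
        "seq_num": seq_ctrl >> 4,
        "amsdu": amsdu,
        "src": frame[10:16].hex(":"),
        "body_offset": offset,
    }


def detect(frame: bytes) -> List[str]:
    """Flag plaintext aggregated or fragmented data frames.

    On a WPA2/WPA3 network every data frame after the handshake must be
    encrypted.  The 4-way handshake (EAPOL) frames are legitimately sent in
    plaintext, but they are neither aggregated nor fragmented, so a plaintext
    frame with the A-MSDU flag set, or a plaintext fragment, has exactly the
    shape of the injected traffic described in the article.
    """
    h = parse_mac_header(frame)
    findings: List[str] = []
    if h["type"] != TYPE_DATA or h["protected"]:
        return findings
    if h["amsdu"]:
        findings.append("plaintext A-MSDU")
    if h["more_frag"] or h["frag_num"] != 0:
        findings.append("plaintext fragment")
    return findings


def build_data_frame(subtype: int, flags: int, seq: int, frag: int,
                     qos_ctrl: Optional[int], body: bytes) -> bytes:
    """Assemble a station-to-AP data frame for the constructed samples."""
    fc_lo = (TYPE_DATA << 2) | (subtype << 4)
    hdr = struct.pack("<BBH", fc_lo, flags, 0)
    hdr += bytes.fromhex("00aabbccddee")            # Address 1: AP (constructed)
    hdr += bytes.fromhex("021122334455")            # Address 2: client (constructed)
    hdr += bytes.fromhex("00aabbccddee")            # Address 3: BSSID (constructed)
    hdr += struct.pack("<H", (seq << 4) | (frag & 0xF))
    if qos_ctrl is not None:
        hdr += struct.pack("<H", qos_ctrl)
    return hdr + body


EAPOL_LLC = bytes.fromhex("aaaa03000000888e")       # LLC/SNAP header for EAPOL
SAMPLES = {
    # Ordinary encrypted QoS data frame: nothing to report.
    "encrypted qos data": build_data_frame(8, FLAG_TO_DS | FLAG_PROTECTED, 10, 0, 0x0000, bytes(16)),
    # Handshake message: plaintext is expected, and it is neither aggregated nor fragmented.
    "eapol handshake": build_data_frame(0, FLAG_TO_DS, 11, 0, None, EAPOL_LLC + bytes.fromhex("0203")),
    # Plaintext frame with the A-MSDU flag set whose body is made to start like EAPOL.
    "plaintext amsdu": build_data_frame(8, FLAG_TO_DS, 12, 0, QOS_AMSDU_PRESENT, EAPOL_LLC + bytes(8)),
    # Plaintext first fragment (More Fragments set) of a data frame.
    "plaintext fragment": build_data_frame(0, FLAG_TO_DS | FLAG_MORE_FRAG, 13, 0, None, bytes(8)),
}


def scan(samples: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Run the detector over a batch of captured frames."""
    return {name: detect(frame) for name, frame in samples.items()}


if __name__ == "__main__":
    for name, findings in scan(SAMPLES).items():
        print(f"{name:20s} -> {findings or 'ok'}")
```

The detector deliberately keys on header flags rather than on payload contents: the injected aggregated frames in the article are accepted precisely because their body is shaped to resemble a handshake message, so a payload-based filter is what they are built to pass. Management frames, null data frames and the EAPOL exchange are ignored or pass clean, which keeps false positives low on a normally operating WPA2/WPA3 network; on an open (unencrypted) network the same frames are legitimate and the check would have to be disabled.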
Not currently being exploited
The Wi-Fi Alliance said there’s currently “no evidence of the vulnerabilities being used against Wi-Fi users maliciously” and that the issues are “mitigated through routine device updates that enable detection of suspect transmissions or improve adherence to recommended security implementation practices.”
To guard against the risk of FragAttacks, Vanhoef recommends accessing sites only over HTTPS: even if an attacker redirects a victim to a malicious DNS server, the attacker's server cannot present a valid certificate for the intended site, so certificate validation blocks the interception. That does not help devices that speak plaintext protocols, which is why the smart home risk above remains. He has also released a video demonstration of the flaws.