Decades old mistakes affect almost every Wi-Fi device
[ad_1]
A set The weakness in how Wi-Fi is designed and used in practice reveals almost all of it Wi-Fi enabled device to certain types of attacks. There are some of these flaws since the original Wi-Fi standard was released in 1997.
Findings, publicly disclose This week, Mathy Vanhoef, a researcher in Abu Dhabi at New York University, showed that an attacker in a Wi-Fi district on a target network could rip data from the victim and put the device at risk. Although the scale and scope of the exposure are staggering, it would be difficult to carry out many attacks in practice and not all Wi-Fi devices will be affected by all the flaws.
Vanhoefe collectively calls the findings a “Frag Attack” because they are short of “fragmentation and aggregation attacks,” because the errors are largely related to subtle problems with how to indent Wi-Fi and move data in transition as quickly as possible, then put the data together at the other end.
“Fragmentation functionality is typically used to improve the performance of your Wi-Fi network if there is a lot of background noise,” says Vanhoefe. The goal is to divide the parts into more manageable data collection so that they can be re-assembled efficiently upon collection. But Vanhoefe found security vulnerabilities in the process. “You can cause a receiver to reassemble two parts of different packages or store malicious data and combine it with legitimate information,” he says. “Under the right conditions this can be used to filter data.”
Vanhoefe found a vulnerability that allowed an attacker to insert malformed data and become a “middle man” in a network by analyzing data that passes through information theft or even taking control of other connected devices with additional vulnerabilities. They would not need any special privileges to access the hack.
“These design flaws are a concern. Because they are so widespread, all the Wi-Fi devices I’ve tested are vulnerable to something, ”Vanhoefe says.“ But on the other hand, they’re unlikely to be exploited. Sometimes I like to say ‘patch before improvement attacks’ ”.
Vanhoefe spent nine months working in coordinated outreach with a number of Internet security organizations and industries. Microsoft, Samsung, Cisco, Intel, Linksys, Netgear, Eero and many others have already released patches. It’s there full list about safety tips and Vanhoefe says more repairs will be sent in the coming weeks.
Regulatory bodies and web security groups such as the Wi-Fi Alliance and the Internet Consortium for the Advancement of Internet Security. release tips this week we are asking all Wi-Fi users and network administrators to update their devices when and where patches are available.
Almost all Wi-Fi devices need repairs or some sort of mitigation, especially routers and other network equipment, with the goal of facilitating attacks. These are, in fact, the types of devices, both for consumers and for businesses. they often don’t receive updates, or they can’t due to concerns about backward compatibility.
“These findings really get to the heart of Wi-Fi operation,” says longtime independent Wi-Fi researcher Jim Palmer. examine Frag Attack Outreach. “Some of these findings are really weird, but the attacks are also very complicated, not a little bit. And the victims have to be in the Wi-Fi zone, kind of like a blast radius.”
Palmer says that for Wi-Fi specialists, Frag Attack will be joined by a long mental list of vulnerabilities and flaws that need to be taken into account especially in real-world implementations. In recent years, Vanhoefe has also found two of the other major Wi-Fi exposures that rise to this level: Wi-Fi encryption attacks KRACK and Dragon. Like these findings, Palmer hopes the Frag exposures will be around and hidden in the devices for decades.
[ad_2]
Source link