This Wi-Fi vulnerability can compromise every single internet-connected device
You might have heard of frag grenades, but now there's an equally destructive security vulnerability affecting the Wi-Fi standard. The "FragAttacks" loophole is all encompassing and it not only affects the usual smartphones, computers, and tablets, but essentially anything with Wi-Fi capability. The exploit allows attackers to steal information, inject data packets, and cause Denial-of-Service attacks while bypass existing security measures over protected networks.
Named after combining the underlying fragmentation and aggregation attacks, Belgian security expert Mathy Vanhoef explains that the FragAttacks vulnerability includes a range of flaws. Some of these flaws are difficult to exploit, whereas others are trivial enough for low-level cybercriminals to leverage. It is therefore important to heed Vanhoef's advice to update devices, desist from sharing passwords, backup data, and avoid sketchy websites.
The staggering scale of these vulnerabilities even affects the latest WPA3 Wi-Fi security protocol. The threat spectrum extends to devices conforming to the Wi-Fi standard since its inception in 1997. Basically, no device with Wi-Fi capability is immune to this security time bomb. This complicates matters because the affected devices include manufacturers which have ceased to even exist, let alone release a security patch.
Thankfully, Vanhoef helped the Wi-Fi Alliance to issue patches before going public with his findings. That allowed major technology firms such as Cisco, Netgear, Synology, Intel, Microsoft, Samsung, and Lenovo to issue patches. That's not an invitation for complacency. It is impossible for all companies to issue patches for every single product, so the onus lies on users to ensure their devices are secure.
The Wi-Fi vulnerability comes hot on the heels of another Qualcomm exploit allowing hackers to compromise modem chips. This enables them to access call and text history, in addition to recording even phone calls without user consent. The worst part is that Qualcomm was aware of this vulnerability since October last year, but the exploit still hasn't been fixed as of this writing.