A researcher has discovered 12 vulnerabilities in the Wi-Fi protocol. FragAttacks, the threats resulting from these vulnerabilities make it possible to steal data or take control of devices, including connected objects. Some of these breaches have been present since the 1990s and concern all devices.
The omnipresentis far from perfect in of security. A researcher from the Catholic University of Leuven in Belgium (KU Leuven) has, in fact, detected no less than 12 faults affecting devices equipped with a module . The attack methods relating to these flaws have been grouped together under the heading . With them, a nearby attacker can exploit these vulnerabilities to steal data or take control of these devices. Through a Wi-Fi network, the researcher thus succeeded in taking control of a connected switch, as well as of a computer powered by . In the latter case, the attacker can then launch an attack from this PC whose system is obsolete.
It turns out that three of these flaws date from the beginnings of Wi-Fi and its security in the 1990s. This is particularly the case for keys.of the time, as well as for the latest protocols, such as WPA3. These are therefore design flaws and therefore affect virtually all devices.
In this video, the Belgian researcher shows three methods of attacks via vulnerabilities discovered in Wi-Fi. ©
Three flaws corrected by Microsoft
One of the flaws allows you to send code inin one protected. Most devices accept plain texts without flinching because they look like messages to establish a link. From that moment on, the hacker can intercept network traffic and trick his target into using a server. to retrieve his identifiers.
The discovery dates back nine months. Since thewhich is the consortium responsible for the certification of the standard works with the manufacturers of Wi-Fi modules to find a way to close the gaps. For his part, fixed three of the vulnerabilities by distributing a patch starting March 9. A patch linked to the nucleus is also expected. The companies Cisco, Sierra Wireless, Samsung, Eero, and even Netgear have started to develop patches to remedy the vulnerabilities. In the meantime, it is better to check that the mention “Https” is present when connecting to a site , because it is from malicious sites that the attacker seeks to collect identifiers. It is also necessary that it is within range of the network …