https://www.theverge.com/2021/5/12/22433134/fragattacks-wi-fi-vulnerabilities-update-security Skip to main content The Verge homepage Follow The Verge online: * * * Log in or sign up * Log In * Sign Up Site search Search The Verge main menu * Tech * Reviews * Science * Creators * Entertainment * Video * Features * Podcasts * Newsletters * Store * More [ ] [Search] * Tech + Video + Amazon + Apple + Facebook + Google + Microsoft + Samsung + Tesla + AI + Cars + Cybersecurity + Mobile + Policy + Privacy + Scooters + All Tech * Reviews + Phones + Laptops + Headphones + Cameras + Tablets + Smartwatches + Speakers + Drones + Accessories + Buying Guides + How-tos + Deals + More from Verge Reviews * Science + Video + Space + NASA + SpaceX + Health + Energy + Environment + All Science * Creators + YouTube + Instagram + Adobe + Kickstarter + Tumblr + Art Club + Cameras + Photography + What's in your bag? + All Creators * Entertainment + Film + TV + Games + Fortnite + Game of Thrones + Books + Comics + Music + All Entertainment * Video * Features * Podcasts * Newsletters * Store Filed under: * Tech * Cybersecurity A security researcher found Wi-Fi vulnerabilities that have existed since the beginning New, 11 comments The cycle of painful updates begins anew By Mitchell Clark May 12, 2021, 8:59pm EDT Share this story * Share this on Facebook * Share this on Twitter * Share All sharing options Share All sharing options for: A security researcher found Wi-Fi vulnerabilities that have existed since the beginning * Linkedin * Reddit * Pocket * Flipboard * Email [acastro__1] Illustrator by Alex Castro / The Verge The security researcher who discovered the Krack Wi-Fi vulnerability has discovered a slew of other flaws with the wireless protocol most of us use to power our online lives (via Gizmodo). The vulnerabilities relate to how Wi-Fi handles large chunks of data, with some being related to the Wi-Fi standard itself, and some being related to how it's implemented by device manufacturers. The researcher, Mathy Vanhoef, calls the collection of vulnerabilities "FragAttacks," with the name being a mashup of "fragmentation" and "aggregation." He also says the vulnerabilities could be exploited by hackers, allowing them to intercept sensitive data, or show users fake websites, even if they're using Wi-Fi networks secured with WPA2 or even WPA3. They could also theoretically exploit other devices on your home network. There are twelve different attack vectors that fall under the classification, which all work in different ways. One exploits routers accepting plaintext during handshakes, one exploits routers caching data in certain types of networks, etc. If you want to read all the technical details on how exactly they work, you can check out Vanhoef's website. According to The Record, Vanhoef informed the WiFi Alliance about the vulnerabilities that were baked-in to the way Wi-Fi works so they could be corrected before he disclosed them to the public. Vanhoef says that he's not aware of the vulnerabilities being exploited in the wild. While he points out in a video that some of the vulnerabilities aren't particularly easy to exploit, he says others would be "trivial" to take advantage of. Vanhoef points out that some of the flaws can be exploited on networks using the WEP security protocol, indicating that they've been around since Wi-Fi was first implemented in 1997 (though if you're still using WEP, these attacks should be the least of your concerns). Vanhoef says that the flaws are wide-spread, affecting many devices, meaning that there's a lot of updating to do. The thing about updating Wi-Fi infrastructure is that it's always a pain. For example, before writing this article I went to check if my router had any updates, and realized that I had forgotten my login information (and I suspect I won't be alone in that experience). There's also devices that are just plain old, whose manufacturers are either gone or not releasing patches anymore. If you can, though, you should keep an eye on your router manufacturer's website for any updates that are rolling out, especially if they're in the advisory list. Some vendors have already released patches for some of their products, including: * Microsoft * Eero * Aruba * Cisco * Ruckus * Intel * Juniper * Lancom * Lenovo * Linux Wireless * Mist * Netgear * Samsung * Synology * Zyxel As for anything else you need to do, Vanhoef recommends the usual steps: keep your computers updated, use strong, unique passwords, don't visit shady sites, and make sure you're using HTTPS as often as possible. Other than that, it's mostly being thankful that you're not in charge of widespread IT infrastructure (my deepest condolences if you, in fact, are). Next Up In Tech Sign up for the newsletter Verge Deals Subscribe to get the best Verge-approved tech deals of the week. Email (required) [ ] By signing up, you agree to our Privacy Notice and European users agree to the data transfer policy. Subscribe Loading comments... Chorus * Terms of Use * Privacy Notice * Cookie Policy * Do Not Sell My Personal Info * Licensing FAQ * Accessibility * Platform Status * Contact * Tip Us * Community Guidelines * About * Ethics Statement Vox Media Vox Media logo. Advertise with us Jobs @ Vox Media (c) 2021 Vox Media, LLC. All Rights Reserved Share this story * Twitter * Facebook