Security researchers specialising in WiFi bugs have unearthed a clutch of new ones, called FragAttacks, that affect the WiFi standard itself. Incredibly, some of the bugs date back to 1997, meaning that computers, smartphones or other devices up to 24 years old may be vulnerable to attackers within WiFi range. If attackers are near enough, they could intercept the owner’s information, trigger malicious code, and take over the device.
Three of the vulnerabilities are design flaws in the WiFi standard itself and therefore affect most devices. Several other vulnerabilities are caused by widespread programming mistakes, with experiments indicating that every WiFi product is affected by at least one vulnerability.
Attackers can exploit the latest vulnerabilities in three different ways: by intercepting victims’ authentication credentials; by abusing insecure internet-of-things (IoT) devices, such as remotely flipping a smart power socket on and off; and by using the flaws as a foothold to launch advanced attacks, particularly by hijacking an outdated Windows 7 machine inside a local network.
The researchers said that the design flaws aren’t being exploited now, nor have they been in the past. Because it took so long to discover some of the flaws, their thinking is that others have not yet discovered them. It is thought that it would take a “perfect storm” for attackers to take advantage of FragAttacks, as attackers need to be in radio range, an exploit requires misconfigured network settings, and adversaries need direct interaction with a user.
It’s critical that device owners implement proven WiFi security best practices to ensure that the vulnerabilities are not exploited in the future. End users and administrators alike need to be co-ordinated in their efforts to regularly patch connected devices, including routers, IoT devices and smartphones. Routers can be set up to encrypt data, alongside good password hygiene and multi-factor authentication practices. Information such as your network ID shouldn’t be broadcast, and it is worth double-checking that configurations are secure.
Call the business technology experts at Neuways on 01283 753333 or email firstname.lastname@example.org to discuss your business’ WiFi options today.