Privacy and Security

Update Windows (and Lots of Other Stuff) ASAP: 'FragAttack' Bugs Found Lurking in Millions of Wifi Devices

A slew of new wifi vulnerabilities impacts everything from cellphones and routers to, well, anything wifi-connected.

By
Shoshana Wodinsky
Comments (5)
We may earn a commission from links on this page.
Image for article titled Update Windows (and Lots of Other Stuff) ASAP: 'FragAttack' Bugs Found Lurking in Millions of Wifi Devices
Photo: Nicolas Asfouri (Getty Images)

A slew of new wifi vulnerabilities impacts everything from cellphones and routers to, well, anything wifi-connected, according to a new report by a Belgian cybersecurity expert.

Related Content

What You Need to Know About Google's VPN
An Exposed Username and Password Leaves Over 100,000 Zyxel Firewalls and VPN Gateways Open to Severe Attacks
Sam Bankman-Fried Using a VPN, McDonald’s AI Drive Thru Fails, Buzzfeed AI Quizzes Suck | Editor Picks
Subtitles
  • Off
  • English

Mathy Vanhoef—who you might know for co-discovering the widespread wifi KRACK attack back in 2017—dubbed this new collection of vulnerabilities “fragmentation and aggregation attacks,” or FragAttacks for short. In a nutshell, these are a collection of 12 different vulnerabilities that could potentially leak user information or attack a given device, if probed by a bad actor within wifi range.

Advertisement

Related Content

What You Need to Know About Google's VPN
An Exposed Username and Password Leaves Over 100,000 Zyxel Firewalls and VPN Gateways Open to Severe Attacks
Sam Bankman-Fried Using a VPN, McDonald’s AI Drive Thru Fails, Buzzfeed AI Quizzes Suck | Editor Picks
Subtitles
  • Off
  • English

Per Vanhoef’s explanation on the dedicated FragAttacks site he set up, nine of these flaws stem from programming hiccups in specific wifi products, and the other three are due to-baked in bugs in the wifi standard itself—even the security protocol some wifi networks use, called WEP, is impacted.

Advertisement

The good news here is that these particular flaws are pretty hard to probe, since it either requires actual “user interaction,” or is only possible when using an obscure network setting, Vanhoef wrote.

The good news here is that manufacturers are already patching their products against future FragAttacks, just in case. Yesterday, for example, Microsoft issued three separate updates to address three of the more common vulnerabilities and applied these patches to Windows 10, Windows 8.1, and Windows 7. If any of those are your OS of choice, you should update those devices ASAP. Netgear, meanwhile, already put up an advisory page about these attacks, saying that the company has already pushed out a few patches for some of their products, with more on the way.

Advertisement

Even if your devices aren’t patched yet, Vanhoef recommended some basic cybersecurity tips to keep yourself safe from any fraggers hiding in the shadows: use a strong, unique Wi-Fi password, and make sure you’re connecting to websites using the HTTPS encryption protocol whenever possible.

Read more details about wifi FragAttacks on Vanhoef’s website here.

More on security and privacy from G/O Media’s partner:
- Review of the Best VPN Services
- Free VPN’s
- NordVPN - Review of Product Features
- ExpressVPN - Review of Product Features

Gizmodo is not involved in creating these articles but may receive a commission from purchases through its content.

Advertisement