FragAttacks: 12 vulnerabilities in Wi-Fi objects cause a flood of updates

A researcher has discovered a batch of 12 computer flaws, which he has grouped under the name FragAttacks. Relatively difficult to exploit, these vulnerabilities are still dangerous. That’s why it is highly recommended to update all Wi-Fi devices.

A discovery of 12 vulnerabilities, the oldest of which date back to… 1997. The Belgian researcher Mathy Vanhoef published this May 11 a site dedicated to a whole lot of flaws in the very functioning of Wi-Fi, which he called “FragAttacks”.

For 9 months, he has been working with the Wi-Fi Alliance and the various companies concerned by these vulnerabilities to have them corrected. Ten of them have already published their patches: Microsoft, Intel, Cisco, Eero, Samsung, Nextgear… Users just have to run the updates (as they are advised to do systematically).

“Three of the vulnerabilities discovered are design flaws in the Wi-Fi standard and therefore affect most devices,” said the researcher, as noted by The Record Media. The other vulnerabilities are due to programming errors in the implementation of the Wi-Fi standard in products. “My experiences indicate that every Wi-Fi product is affected by at least one vulnerability and most have more than one,” Vanhoef said.

Properly exploited, FragAttacks allow a wide range of manipulations. In the worst case, the hacker could use it to execute the code (and therefore the program) of his choice on the victim’s device, all remotely. In the jargon, this is called RCE (for Remote Code Execution), and it is the ultimate goal of any hack, a sign that it is dangerous. From a RCE, it is possible to steal confidential information, to steal credentials from private accounts, to hijack transactions…


In his demonstration, the researcher takes advantage of the lack of secure connection on the site of the University of New York to simulate the takeover of a computer:

While FragAttacks are problematic – for proof, the reaction of manufacturers – they remain relatively difficult to exploit. First, the hacker must be within range of the Wi-Fi. Secondly, the exploitation requires user interaction, i.e. clicking on a malicious link or accepting a command for example. In other words, the attack is not sufficient on its own, the perpetrator must first succeed in phishing or another attack to trap the victim.

A simple precaution of navigation allows to avoid any risk: the Internet user must make sure to access the sites by HTTPS connections. The encryption offered by this security standard prevents the hacker from modifying the content of the information sent to the router, and therefore from exploiting the FragAttacks flaws. Today, HTTPS is very widespread, because it is free to set up with Let’s Encrypt, and because browsers try to push – or even force – its use. Mathy Vanhoef had already distinguished himself in 2017 for finding another Wi-Fi vulnerability, named “Krack”.

Leave a Reply

Your email address will not be published. Required fields are marked *