Tech UPTechnologyWiFi: They discover vulnerabilities that put all mobile devices...

WiFi: They discover vulnerabilities that put all mobile devices at risk

In recent years, WiFi connectivity has suffered major vulnerabilities. In October 2017, for example, we learned about the KRACK (“Key Reinstallation Attack”), consisting of a serious replay attack on the WiFI Protected Access Protocol (WPA2), which hackers use to exploit an existing vulnerability in this protocol, reading the encrypted data. Thus, when they are close to a possible victim, the attacker can access and read the encrypted data through this attack.

A year later, in August 2018, we also discovered another vulnerability that allowed a WPA-PSK network to be hacked. However, recently published studies have shown that any attacker located within range of a certain target could potentially exploit it through these and other flaws originally found a short time ago.

Recently, Mathy Vanhoef has published a study entitled ‘Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation’, in which he describes a number of vulnerabilities in WiFi, which would include a total of three standard design flaws and nine implementation-related failures . Christened FragAttacks , this series of new attacks can put the security of users through their mobile devices at risk.

These attacks mainly refer to a series of design flaws and programming security vulnerabilities that affect different WiFi devices.

Recent research indicates that while design flaws can be more challenging for attacks due to the need for user interaction, the same would not be true for vulnerabilities associated with programming, which do pose a much more significant risk.

Unfortunately, as the expert warns, these security flaws affect practically all contemporary WiFi security protocols , which includes WEP and the current WPA3, since they are vulnerabilities available since their conception, in 1997.

Experts are surprised, as the different security protocols for WiFi products have been improved over the years. But, it seems, the flaws practically started with some of the earliest WiFi security protocols , dating back to the 1990s, while the scheduling flaws exist in all mobile devices that use this connectivity .

Once an attacker gets within reach of a user with a mobile device, they can exploit programming vulnerabilities by potentially inserting counterfeit frames in different ways, offering them the ability to extract sensitive information .

In other words, the attacker could insert plain text frames into an originally protected WiFi network, taking advantage of the fact that certain devices trust these plain text frames, apparently handshake messages, which is why, in reality, many users could end up being victims of this attack .

Hackers, for example, could intercept traffic to the device in question, tricking the target into using a malicious DNS server.

In fact, the researchers used a total of 75 devices , including Android, iOS, Linux, Windows or macOS devices, in addition to network cards and four home routers, and found that all the devices tested were vulnerable to some of these attacks .

At the moment, since these security flaws have been known, the Wi-Fi Alliance has been working with the different device vendors in order to mitigate these problems. Thus, Microsoft, for example, has already addressed three errors that affect its Windows operating system, through patches released on March 9. Although he still has nine to tackle.

To point out that, in case you want to check whether or not your router is vulnerable to recently discovered attacks, Mathy Vanhoef has published a useful tool through his GitHub page, as well as a demonstration through his YouTube channel.

Go from a traditional CV to a digital and comprehensive one

The reality is that a person's CV on paper does not accurately reflect whether that person is suitable for a job, says Guillermo Elizondo.

Prime Day does not save Amazon and reports only 15% growth

The big tech companies are disappointing shareholders and Wall Street's response is to stop betting on them.

Goodbye to “irregular import” cell phones: ZTE will block them in Mexico

The company explained that it will send a message to the smartphones from which it "does not recognize" its import.

77% of the semiconductors that Intel manufactured in 2020 came from Asia

Upon the arrival of the new 13th Generation Intel Core in Mexico, the company spoke about its most relevant segments.

Japanese scientists create a 'washing machine for humans'

Can you imagine taking a relaxing bath in a machine that washes you with bubbles, plays relaxing music or videos?