Update Windows ASAP: ‘FragAttack’ Bugs Found Lurking in Millions of Wi-Fi Devices

Photo: Nicolas Asfouri, Getty Images

A slew of new Wi-Fi vulnerabilities impact everything from mobile phones and routers to, well, anything Wi-Fi-connected, according to a new report by a Belgian cybersecurity expert.

Mathy Vanhoef — who you might know for co-discovering the widespread Wi-Fi KRACK attack back in 2017 — dubbed this new collection of vulnerabilities “fragmentation and aggregation attacks,” or FragAttacks for short. In a nutshell, these are a collection of 12 different vulnerabilities that could potentially leak user information or attack a given device, if probed by a bad actor within Wi-Fi range.

Per Vanhoef’s explanation on the dedicated FragAttacks site he set up, nine of these flaws stem from programming hiccups in specific Wi-Fi products, and the other three are due to baked-in bugs in the Wi-Fi standard itself — even the security protocol some Wi-Fi networks use, called WEP, is impacted.

The good news here is that these particular flaws are pretty hard to probe, since doing so either requires actual “user interaction,” or is only possible when using an obscure network setting, Vanhoef wrote.

The other good news is that manufacturers are already patching their products against future FragAttacks, just in case. Yesterday, for example, Microsoft issued three separate updates to address three of the more common vulnerabilities and applied these patches to Windows 10, Windows 8.1, and Windows 7. If any of those are your OS of choice, you should update those devices ASAP. Netgear, meanwhile, already put up an advisory page about these attacks, saying that the company has already pushed out a few patches for some of its products, with more on the way.

Even if your devices aren’t patched yet, Vanhoef recommended some basic cybersecurity tips to keep yourself safe from any fraggers hiding in the shadows: use a strong, unique Wi-Fi password, and make sure you’re connecting to websites using the HTTPS encryption protocol whenever possible.

Read more details about Wi-Fi FragAttacks on Vanhoef’s website.