A security researcher has discovered a flaw that allows a specific attack to be launched – millions of Wi-Fi devices around the world could be at risk.
A security researcher known for identifying Wi-Fi vulnerabilities has discovered another vulnerability. It turns out that this is a security vulnerability that allows for “failed” attacks. According to the researchers, this type of vulnerability is widespread because it is caused by the Wi-Fi standard itself. Some of them can be traced back to 1997. Most of the weaknesses are due to classic programming flaws.
In theory, if each of the vulnerabilities could be exploited, this would allow an attacker to steal information about a specific user or devices. However, the chance of this type of vulnerability being misused would be very small – an attacker would have to be within the wireless range of a Wi-Fi network to implement them. The attacks also require user interaction or unusual network settings.
Several errors can be used, according to Matthew Vanhof, to easily “inject” code into a protected Wi-Fi network. Vanhoef found in his experiments that the vulnerability affects two of the four home routers tested, several smart home devices, and some smartphones.
Other vulnerabilities are related to the process by which the Wi-Fi standard cuts network packets and then regroups them, allowing attackers to retrieve data by injecting their malicious code during the process.
Interestingly, Microsoft has already addressed three out of 12 reported errors affecting Windows. A Linux kernel patch is also being prepared.
Most companies have started developing their own security patches. However, its delivery will be difficult – no user will ever update the router’s firmware.