I found some design and implementation flaws in Wi-Fi again. All Wi-Fi devices are affected. It was a long ~9 months embargo, over this time a lot of info has been collected and that info now available at fragattacks.com

6:20 PM · May 11, 2021

41
1,399
3,113
The findings consist of three design flaws and several widespread implementations flaws. Some of the flaws have been part of Wi-Fi since 1997! Full details are in my paper: papers.mathyvanhoef.com/usen…
2
59
238
I'd like to thank everyone who was involved in this coordinated disclosure! It was a long process and I'm glad this work is now over :)
1
1
98
With that news out of the way: later this year I'll be starting as a professor at @KU_Leuven Exciting times ahead!
22
5
253
One design flaw can be used to inject packets towards clients. Makes it possible to force victim to use malicious DNS server. Some implementation flaws can be abused to inject packets towards an AP. Can be abused to punch a hole in the router's NAT and attack local devices.
1
11
91
The impact of the attacks really depends on the device. Sometimes the impact is very minor and there's nothing to worry about. Sometimes the impact is serious.
1
3
68
As always though: update your devices, we never know when attacks will improve. Check with your vendor to know the current practical impact for your device.
0
3
79
Replying to @vanhoefm
Awesome, invaluable info. Thanks for sharing
0
0
4
Replying to @vanhoefm
Nice work!!
0
0
3
Also check out github.com/vanhoefm/fragatta… It's test tool with 45+ test cases, a live USB image, can test both APs and clients, both home and enterprise networks, supports multiple network cards, and contains references to slides and other overview info :)
4
71
247
Replying to @vanhoefm
So, another round of updates it is then ... once the vendors catch up.
1
0
3
I would hope the biggest vendors already have patches soon... though not everyone was part of the embargo
1
0
6