A set of vulnerabilities in how Wi-Fi is designed and used in practice expose virtually every Wi-Fi-enabled device to some form of attack. A handful of those flaws have been around since the original Wi-Fi standard debuted in 1997.
The findings, publicly disclosed this week by New York University Abu Dhabi researcher Mathy Vanhoef, show that an attacker within Wi-Fi range of a target network could potentially exfiltrate data from a victim and compromise their devices. But while the sheer scale and scope of the exposure is staggering, many of the attacks would be difficult to carry out in practice, and not all Wi-Fi devices are affected by all of the flaws.
Vanhoef collectively calls the findings “Frag Attack,” short for “fragmentation and aggregation attacks,” because the flaws largely relate to subtle issues in how Wi-Fi chops up and reorders data in transit to move information as quickly as possible, then puts that data back together on the other end.