Almost every Wi-Fi device is currently vulnerable

Recently, a whole raft of security flaws have been found that impact all Wi-Fi devices, including smart phones, IoT devices, and personal computers going back as far as 1997. This unfortunately means that almost every Wi-Fi device in use today is vulnerable.

Collectively, the attacks associated with these issues have been dubbed FragAttacks (read this link to get the details on this issue).


The discoverers had this to say about them

"Experiments indicate that every Wi-Fi product is affected by at least one vulnerability and that most products are affected by several vulnerabilities.

The discovered vulnerabilities affect all modern security protocols of Wi-Fi, including the latest WPA3 specification. Even the original security protocol of Wi-Fi, called WEP, is affected. This means that several of the newly discovered design flaws have been part of Wi-Fi since its release in 1997!"

If there's a silver lining to be had, it lies in the fact that an attacker needs to be within the Wi-Fi range of the device targeted in order to execute the attack and either inject malicious code or steal sensitive data. However, if the attacker is in range, it's entirely possible for him to take complete control of the target device.

Vanhoef also notes that the flaws are somewhat difficult to abuse because they rely on network settings not commonly used, which, combined with the first point does offer a measure of protection.

Nonetheless, this is about as serious as it gets, but fortunately, vendors are already in the process of developing patches to address the issues.


The patches are being tracked as follows

  • CVE-2020-24588
  • CVE-2020-24587
  • CVE-2020-24586
  • CVE-2020-26145
  • CVE-2020-26144
  • CVE-2020-26140
  • CVE-2020-26143
  • CVE-2020-26139
  • CVE-2020-26146
  • CVE-2020-26147
  • CVE-2020-26142
  • CVE-2020-26141


My perspective

Finally, note that there's no evidence at this point that any of these attacks are being used in the wild. Even so, these flaws represent a serious point of weakness. Until patches are developed and deployed, researchers recommend disabling fragmentation, disabling pairwise rekeys and disabling dynamic fragmentation in Wi-Fi 6 (802.11ax) devices.


South Park's Stan March would have said: "Oh my god, they killed Kenny!"


By Denis Wilson

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPIA Blogs. You can also find me on LinkedIn, Facebook, and Twitter

I am also a published author and speaker on cloud computing, work@home, and cybersecurity. I work extensively with business and professional associations to provide small business technology education programs.


Contact me if you would like me to speak to your association