A new security flaw was discovered and recently disclosed by security researcher Mathy Vanhoef — the same researcher who had discovered the KRACK Wi-Fi vulnerability nearly four years ago — and it’s a doozy. In fact, the researcher found dozens of vulnerabilities that affect hundreds of millions of Wi-Fi devices (if not more), from phones to TVs and IoT products, regardless of their brand and year of release.
The collection of vulnerabilities was dubbed FragAttacks (short for fragmentation and aggregation attacks) and as scary as it may sound, the researcher found that these vulnerabilities affect all modern Wi-Fi security protocols including WPA3, as well as the original security protocol, WEP.
In essence, FragAttacks is a collection of security flaws that have existed since 1997 but were only recently discovered. And because they are baked into the Wi-Fi protocols, they affect virtually any device with Wi-Fi capabilities.
These FragAttacks vulnerabilities can be abused in two ways. Firstly, if the right conditions are met, the flaws can be abused to steal sensitive data. Secondly, an attacker can exploit these flaws to attack devices connected to a home network.
The second part poses a bigger risk because, according to the researcher’s website, many smart home and IoT devices are rarely updated and they rely on the built-in security of the Wi-Fi protocols to stay impervious to malicious attacks most of the time.
Samsung began addressing all of these issues last month
Although the scope of this newfound FragAttacks vulnerability is huge, the good news is that Samsung customers might be safer than others.
It turns out that Samsung’s been quietly addressing all twelve FragAttacks vulnerabilities with the release of the April 2021 security patch, and this is probably why the company has done such an amazing job at releasing the April update for so many Galaxy devices, new and old.
The April 2021 security patch has not only addressed all the FragAttacks vulnerabilities that have been disclosed so far, but it also includes two additional fixes for vulnerabilities labeled CVE-2020-11264 and CVE-2020-11301. They seem to be a part of the FragAttacks collection of vulnerabilities, but they haven’t been mentioned on the security researcher’s website.
All in all, Samsung is proving once again that it’s on top of things when it comes to firmware updates and security patches. The only problem is that certain devices that have become too old will probably remain vulnerable, given that these security flaws have been around for decades.
You can use our new online tool if you want to make sure that your phone is running the latest security patch available in your region.