A bit of research was published this week about a security issue now called Frag Attacks. It’s a security issue that apparently could be gone by now, if companies that use or associate with WiFi internet connectivity made the effort to update their protocols and keep their hardware up-to-date, but here we are. Security researchers in Belgium revealed the vulnerabilities and showed how some of these insecure bits have been insecure for the last two decades (or more!)
A video demonstration of the vulnerabilities below shows a couple of ways in which the user can be tricked into opening up their own security gate, so to speak. One way shows how the user could be fooled – but could also be aware of being fooled even as the fooling is taking place. The second way shows an Internet of Things WiFi-connected outlet and a lamp switching off and on… maliciously!
Imagine a modern ghost story where all your smart lamps turn off and on in the night – spooky!
As noted by the security researchers publishing their report this week, it’s likely this set of vulnerabilities was actually – sort of – patched in the past. As noted, the defense against the attack was likely not already adopted by all “because it was only considered a theoretic vulnerability when the defense was created.”
But don’t panic! Ways to avoid being the victim of potential malicious attacks are relatively simple. As noted by the security researchers that’ve published this vulnerability set, double-check that websites you are visiting use HTTPS. You can see the HTTPS in your web browser’s URL bar – make sure it appears whenever you’re planning on entering any sort of username and/or password.
You can check out the EFF’s HTTPS everywhere plugin – easy to work with for desktop machines. You’ll also definitely want to have security turned ON for your WiFi network. This is a bummer since some folks have been known to, very kindly, share their internet access with friends and neighbors – in an apartment complex, for example – BUT, those days are effectively done. If you’re all about sharing, you’ll do well to share your password with friends and neighbors person-to-person, rather than leaving that network wide open.
The big deal here is that Frag Attacks as noted in the research are easy to block, but require that companies and individuals update their devices. The patching of the vulnerability requires that everyone be onboard with the software fixes outlined in the research. Make sure you update all your devices, and keep an eye on the “SECURE” bit of your web browser – and make sure you’re always on HTTPS!