Widespread flaws affecting Wi-Fi have been disclosed to the public by security researcher Mathy Vanhoef nine months after he tipped the Wi-Fi Alliance off about the problem. The vulnerabilities, reported by Gizmondo from a site set up by Vanhoef exploit mistakes in the implementation of Wi-Fi standards, and can affect any Wi-Fi device no matter how old, and running any level of security including WPA 2 and 3.
“The biggest risk in practice,” Vanhoef writes, “is likely the ability to abuse the discovered flaws to attack devices in someone's home network. For instance, many smart home and internet-of-things devices are rarely updated, and Wi-Fi security is the last line of defense that prevents someone from attacking these devices. Unfortunately, due to [these] vulnerabilities, this last line of defense can now be bypassed.”
There is some good news, however: most of the flaws are hard to exploit, patches are available for many devices, including three from Microsoft going all the way back to Windows 7, and from all major router manufacturers (though not all models have received new firmware yet). At the time of writing Vanhoef said he wasn’t aware of any attacks in the wild using the exploits. This could be a good time to ditch your service provider’s router for the latest and best routers.
