Almost all Wi-Fi is potentially vulnerable to flaws that date back to 1997, when it became commercially available, but even the person who discovered the weaknesses says some of them are difficult to exploit.

Mathy Vanhoef, a post-doctoral student at NYU Abu Dhabi, has created attacks—FragAttacks—that take advantage of the vulnerabilities, but in an academic paper about them he says the most widespread vulnerabilities can be exploited only under specific, rare conditions, and require either user interaction or highly unusual configurations to succeed.

Other vulnerabilities—what he calls programming mistakes made by vendors in their Wi-Fi products—are easily exploited.

Vanhoef’s website about FragAttacks says his exploits can enable attackers within radio range to steal user information or attack devices on users’ networks. The flaws fall into two categories: those in the Wi-Fi standard itself, and therefore affecting most devices, and those caused by widespread programming mistakes in individual Wi-Fi-product implementations.

Among major Wi-Fi vendors, only Aruba/HPE and Huawei have publicly acknowledged the disclosure of the FragAttack flaws.
Aruba issued a statement saying that its access points contained the flaws, but that it updated its software prior to this week’s disclosure of them, and provided a document detailing which APs have been patched.

Huawei stated that it has “launched an immediate investigation,” and pledged to provide public updates when it has more information to share.

CommScope RUCKUS posted a blog describing the problem and how to deal with it as well as setting up a FragAttacks support page that includes more details and resources including its security-patch release schedule.

Cisco and Ubiquiti declined to comment as of Friday afternoon.

Vanhoef is issuing his report after nine months of disclosure with Wi-Fi vendors to enable them to fix the problems. A tool to check whether equipment is vulnerable to these flaws is available here for free.

The three most wide-ranging and serious flaws can allow attackers to inject malicious frames into a protected Wi-Fi network. This could allow an attacker to trick a client device into using a malicious DNS server or to force traffic through a router, bypassing NAT and firewalls. The weaknesses affect products made by nearly all of the major manufacturers.

“Fortunately, the [Wi-Fi-standard] design flaws are hard to abuse because doing so requires user interaction or is only possible when using uncommon network settings,” according to Vanhoef’s site. “As a result, in practice the biggest concern are the programming mistakes in Wi-Fi products since several of them are trivial to exploit.”

Most of the exploits work because of vulnerabilities in the way Wi-Fi handles frame fragmentation and frame aggregation, according to Vanhoef. Frame aggregation is designed to make network connections faster by combining smaller frames into a larger one, using a system of flags that tells devices whether a given frame is a single frame or an aggregated one.
The problem is that the “aggregated” flag is not authenticated on both ends of the connection and can be spoofed by a bad actor.

Fragmentation does the opposite, splitting larger frames into smaller ones for increased reliability. The flaw is that receiving devices aren’t required to check whether all parts of a split frame have been encrypted using the same keys, meaning that an attacker could steal data from a network by mixing up different fragments.

The other vulnerabilities identified by Vanhoef include aspects of Wi-Fi’s WPA security protocols that don’t do enough by default to authenticate and match up all parts of a message, leaving openings that could be used to compromise networks and steal data.

Forrester analyst Andre Kindness said the chances of these flaws being exploited in the wild seem remote at best.

“Is it something that would keep me up at night? Heck no,” Kindness said. “It’s like an Ocean’s 11 or Mission: Impossible scenario—you’d have to know what someone has. You’d have to encounter the perfect scenario where someone didn’t do something right in the firmware for the device or AP, and you’d have to be in radio distance.”

Kindness said that enterprise users should simply ensure all their patching is up-to-date, use the scanning tool, and proceed from there if they discover flaws.

Vanhoef is scheduled to present a talk on FragAttack at the USENIX Security Symposium, scheduled as a virtual event Aug. 11–13.
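
The same-key check that the fragmentation paragraph above says receivers are not required to perform, sketched as an added example (it is not from the article or from Vanhoef's tool). The `Fragment` fields, the `key_id` labels and the sample frames are constructed for illustration, and the consecutive packet-number rule is an assumption of this model.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Fragment:
    """One decrypted 802.11 fragment, reduced to the fields reassembly needs."""
    seq: int       # sequence number shared by all fragments of one frame
    frag_no: int   # 0 for the first fragment, then 1, 2, ...
    more: bool     # True while further fragments follow
    key_id: str    # label of the key that decrypted it (hypothetical field)
    pn: int        # packet number the sender used for this fragment
    data: bytes

class Reassembler:
    """Per-sender fragment cache that refuses to join fragments from different keys."""

    def __init__(self):
        self._pending = {}  # seq -> fragments accepted so far

    def add(self, frag):
        """Return the whole payload when complete, else None (waiting or dropped)."""
        if frag.frag_no == 0:
            parts = [frag]
            self._pending[frag.seq] = parts  # a new first fragment replaces stale state
        else:
            parts = self._pending.get(frag.seq)
            if parts is None:
                return None  # no first fragment on record
            last = parts[-1]
            if not (frag.frag_no == last.frag_no + 1
                    and frag.key_id == last.key_id  # the same-key check
                    and frag.pn == last.pn + 1):    # assumed: consecutive packet numbers
                del self._pending[frag.seq]  # discard the whole frame
                return None
            parts.append(frag)
        if frag.more:
            return None
        del self._pending[frag.seq]
        return b"".join(p.data for p in parts)

def demo():
    """Constructed traffic: one frame under a single key, one straddling a rekey."""
    r = Reassembler()
    same_key = [Fragment(7, 0, True, "key-A", 100, b"GET /in"),
                Fragment(7, 1, False, "key-A", 101, b"dex.html")]
    mixed = [Fragment(8, 0, True, "key-A", 102, b"first half, "),
             Fragment(8, 1, False, "key-B", 103, b"second half")]
    return [r.add(f) for f in same_key], [r.add(f) for f in mixed]
```

In the mixed frame the packet numbers are consecutive, so only the key comparison causes the drop.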