Frag Attacks, short for Fragmentation Aggregation Attacks, are a recently discovered security issue affecting WiFi-connected devices.

Research uncovered a host of vulnerabilities in WiFi technology that stem from a mix of old design flaws and programming mistakes, some of which may have been around since as early as 1997.

Hackers can use these to steal data or plant malware on devices.

Frag Attacks pose a potential risk for anyone, at any time.

How does it work?

A Frag Attack gets its name from the types of WiFi design flaws it targets. One concerns the ‘frame aggregation’ feature of WiFi, which increases the speed of a network, and the other concerns the ‘frame fragmentation’ feature of WiFi, which increases the reliability of a connection. That’s how you get Fragmentation Aggregation.

To put it simply, a Frag Attack does two things. It captures traffic passing through unsecured networks, mimics it, and then impersonates servers. It can also inject malicious text frames into the network traffic to give a cybercriminal server access.

What are the risks?

A Frag Attack can be used by an attacker to intercept and steal data from your WiFi network. Most websites and browsers use HTTPS, the secure version of HTTP (the protocol used to load web pages), which is protected against these attacks because the data is encrypted (hidden).

However, if unencrypted data is sent over an encrypted WiFi network, a Frag Attack can potentially bypass this encryption and cause data theft.

Most smart devices or IoT devices can also be vulnerable to attack if they are connected to WiFi.

How to prevent a Frag Attack

Luckily, there are quite a few ways to protect your business and staff against Frag Attacks, and most of these are standard cybersecurity practices, some of which you may already be doing.

Keep software and devices up-to-date

Since these WiFi vulnerabilities were uncovered, tech companies have released some fixes, and others are in the pipeline. Microsoft addressed three of the 12 bugs that impact Windows systems in patches released in March 2021, according to cybersecurity news site The Record.

But businesses and customers still need to keep devices up to date. If you don’t, you are more at risk of an attack.

According to the Gov.uk 2021 Cyber Security Breaches Survey, only four in ten businesses (43%) reported having a policy to apply software updates. This may have been put on the back burner during the height of the pandemic.

This is dangerous. Ideally, any updates should be applied as soon as they are released by the software manufacturer. As this can be a time-consuming task, asking your IT provider to set up a patch management system can address this.

Use secure encryption

We’ve already mentioned that an HTTPS certificate is important due to the encryption it offers. Every time you access a website, make sure you are on a secure HTTPS site.

Better yet, you can also configure your browsers to warn you before loading websites that are not encrypted.

If you can, try to use encryption even if you are simply transferring files between devices or working on your home WiFi network. This can be done by using an application that offers encryption for secure transfers.

Your business may already use a platform like Mimecast for secure emailing. Mimecast Secure Messaging enables users to easily send protected messages and files.

Use a VPN

Consider using a VPN service, as it can protect you against Frag Attacks by routing your traffic through an encrypted connection.

Another benefit of a Virtual Private Network is that it disguises your IP address so your activities can’t be tracked. It does this by sending you onto the internet with a masked IP address, so your identity, location, and online activities stay private on the web.

Frag Attacks haven’t been exploited yet, but that doesn’t mean they won’t be one day. The best way to avoid any future Frag Attacks or other security breaches is to ensure all your WiFi-connected devices are up to date, upgraded, and fully encrypted.

Contact our team to learn more about a security solution from Aura, info@auratechnology.com.