FOLLOW US

Tue

July 14, 2026

Investigates May 24, 2021 4 mins read

FragAttacks Allow Hackers to take Advantage of Vulnerabilities in billions of Wi-Fi devices 

Investigates ı By Jackie Allen

0 Comments

frag attack

Wi-Fi technology depends on the ability to break big data into smaller data clusters. Depending on the network requirements the data constantly shifts from larger to smaller data packets. Researcher Mathy Vanhoef published a study last week which explains what he calls FragAttacks. A hacker within radio range can exploit a dozen vulnerabilities with the potential to impact huge numbers of wi-fi-enabled devices.

Vanhoef documents how hackers can redirect users to malicious websites. They may also exploit or tamper with network-connected devices. In FragAttacks, short for fragmentation and aggregation attacks, hackers inject malicious commands into encrypted Wi-Fi traffic. WPA-based encryption protection has serious vulnerabilities.

Trusted networks open to FragAttacks

With these types of hacks data in the form of malicious coding can be injected into the Wi-Fi traffic. But it’s not possible to exfiltrate and pull anything out. In other words, FragAttacks don’t let the hacker read users' passwords or other private data. 

Vanhoef’s previous research outlined a Wi-Fi attack of Vanhoef, known as  Krack. Krack differs from a FragAttack because it does allow the hacker access to sensitive and hidden info. But FragAttack hackers can inflict a lot of damage, especially when combined with other types of hacking.

The vulnerabilities Vanhoef outlines now have been around since 1997 when Wi-Fi first started to be used. can be exploited to inflict other kinds of damage, particularly if paired with other types of hacks.

“It's never good to have someone able to drop packets into your network or target your devices on the network,” Mike Kershaw, a Wi-Fi security expert, and developer of the open-source Kismet wireless sniffer and IDS, reports.

“In some regards, these are no worse than using an unencrypted access point at a coffee shop—someone can do the same to you there, trivially—but because they can happen on networks you'd otherwise think are secure and might have configured as a trusted network, it's certainly bad news.”

12 Vulnerabilities

 

In the Wi-Fi specification, one of the flaws tracked as CVE-2020-24588 can be exploited to force Wi-Fi devices to use a rogue DNS server. This redirects users to malicious websites. This allows hackers can read and modify unencrypted traffic. Rogue DNS servers are also vulnerable to DNS rebinding attacks. In the rebinding attacks, malicious code creates device-to-device attacks where they are connected to the same network.

Four of the 12 known vulnerabilities that make up  FragAttacks are implementation flaws. This means they are created by bugs that software developers introduce when writing Wi-Fi-based specification code. In an attack, the hacker uses the bug to bypass security.

Vanhoef reveals how to exploit the four vulnerabilities to allow an attacker to, “punch a hole through a router’s firewall.” With the ability to connect directly to devices behind a firewall, Internet attackers can then send them malicious code or commands.

A lot of Wi-Fi flaws are now under review. And even with Vanhoefs report, no one is certain which devices are vulnerable. And which vulnerabilities have received security updates. It’s very possible that many Wi-Fi-enabled devices will never be fixed.

Who is at-risk and how to fix

On May 11th the  Industry Consortium for Advancement of Security on the Internet (ICASI) issued a statement on Aggregation and Fragmentation Attacks against Wi-Fi.  A comprehensive list of Vanhoef’s FragAttack advisories is available on Github.

Keep in mind that, FragAttacks aren’t likely to be launched against most Wi-Fi users. These attacks high-end hacker skills. They also need proximity. An attacker must be within 100 feet to a half-mile of the target, depending on the equipment the hacker is using. 

There is a higher threat to networks used by retail chains, corporate networks, or governmental agencies where security is key. When updates are available, install them, but individuals are more at-risk from drive-by downloads than FragAttacks.

Previous Article

California Restaurant Industry Takes a Brutal Hit

Read More
3226 Posts

Jackie Allen

Jackie is a freelance journalist and technology geek. She worked as a telecom project director for AT&T and BellSouth. Before joining the USA Herald she has written books, articles, blogs and whitepapers. Her clients include Samsung and other technology companies.

Discussion

No comments yet. Be the first to join the discussion!

Don’t Miss It
America July 12, 2026
two killed in Toronto After Deadly street festival shooting
By – Rihem Akkouche
America July 12, 2026
Elephant Fire burns 4500 acres in Sierra County
By – Rihem Akkouche
America July 11, 2026
1 dead After fire at Davis apartment complex
By – Rihem Akkouche
Arizona January 11, 2025
Kelly Warner Law Firm Blames USA…

In what appears as a desperate attempt to defend multiple…

By – USA Herald
Arizona January 4, 2025
Aaron Kelly Law Firm Resorts To…

Attorney Aaron Kelly and his law partner Daniel Warner are…

By – Jeff Watterson
Arizona December 12, 2024
Arizona Bar Opens Investigation on Attorney…

USA Herald recently reported on a developing story involving Attorneys…

By – Paul O'Neal
America July 11, 2026
Apple Sues OpenAI Over Trade Secrets…

The partnership that placed ChatGPT inside hundreds of millions of…

By – Rihem Akkouche
America July 11, 2026
NYT Air Force One Subpoena Targets…

They came on a Friday evening, to the homes of…

By – Rihem Akkouche
America July 11, 2026
Gordie Howe Bridge to Open on…

Named for a hockey legend who won four Stanley Cups…

By – Rihem Akkouche
America July 11, 2026
Teen Football Player’s Death on Uninhabited…

Christine and Elmore Wonsley are not sleeping. They cannot. A…

By – Rihem Akkouche
America July 11, 2026
Hundreds Of People at Summer Camp…

The water came faster than the roads could handle and…

By – Rihem Akkouche
America July 11, 2026
UFC Event Allegedly Targeted in White…

WASHINGTON, D.C. — A historic UFC Event held on the…

By – Jackie Allen
America July 11, 2026
UFC Event Allegedly Targeted in White…

WASHINGTON, D.C. — A historic UFC Event held on the…

By – Jackie Allen
America July 10, 2026
Russia Sanctions Bill Gains BiPartisan as…

WASHINGTON, D.C. — Russia Sanctions legislation moved closer to becoming…

By – Jackie Allen
America July 10, 2026
Manhattanhenge 2026: Final Summer Sunset Alignment…

NEW YORK — Manhattanhenge is making its final appearance of…

By – Jackie Allen
America July 10, 2026
Jared Isaacman Says NASA Has Unexplained…

WASHINGTON, D.C. — Jared Isaacman, the administrator of NASA, says…

By – Jackie Allen
America July 9, 2026
Erika Kirk Seeks Public Release of…

Erika Kirk, the widow of Turning Point USA co-founder Charlie…

By – Jackie Allen
America July 9, 2026
DOJ Warns Election Officials of Prosecution

The Trump DOJ warns election officials in every state and…

By – Michallie Harrison
America July 9, 2026
Bonnie Tyler Remembered as Legendary Welsh…

Bonnie Tyler, the Welsh singer whose unmistakable raspy voice powered…

By – Jackie Allen
America July 9, 2026
Assault on Iran Escalates as U.S.…

The Assault on Iran intensified after the United States launched…

By – Jackie Allen
America July 9, 2026
Broadcom Deal: Apple Commits More Than…

Apple is dramatically expanding its investment in American semiconductor manufacturing…

By – Jackie Allen
America July 8, 2026
Arranged Marriage Ends in Tragedy: Amazon…

An Arranged Marriage that began in the summer of 2025…

By – Jackie Allen
America July 8, 2026
Forensic Scientist Henry Lee’s Final Interview…

A legendary Forensic Scientist whose testimony influenced some of America’s…

By – Jackie Allen
America July 6, 2026
Accused of Rape:  Graham Platner Denies…

Accused of Rape, Maine Democratic U.S. Senate candidate Graham Platner…

By – Jackie Allen
America July 6, 2026
Accused of Rape:  Graham Platner Denies…

Accused of Rape, Maine Democratic U.S. Senate candidate Graham Platner…

By – Jackie Allen
America July 6, 2026
AI Regulation Debate Intensifies After Peter…

 The global debate over AI Regulation took a dramatic turn…

By – Jackie Allen
America July 5, 2026
California Chaos: Fourth of July Celebrations…

California Chaos unfolded across parts of Southern California during the…

By – Jackie Allen
America July 5, 2026
Paul Pelosi Faces Charge After Alleged…

Paul Pelosi, the husband of former House Speaker Nancy Pelosi,…

By – Jackie Allen
America July 4, 2026
Beach Closures Expand Across Long Island…

Beach Closures were spread across parts of New York just…

By – Jackie Allen
America July 3, 2026
Mars Rover Images Lead to Debates…

A new Mars Rover image captured by NASA’s Curiosity mission…

By – Jackie Allen
America July 3, 2026
Mars Rover Images Lead to Debates…

A new Mars Rover image captured by NASA’s Curiosity mission…

By – Jackie Allen
America July 3, 2026
Taylor Swift and Travis Kelce’s Star-Studded…

Taylor Swift and Travis Kelce’s highly anticipated wedding is finally…

By – Rihem Akkouche
America July 3, 2026
Federal Judge Sends Bad Bunny Reggaeton…

INSIDE THIS REPORT A federal judge denied summary judgment to…

By – Samuel Lopez
America July 3, 2026
Mike Rowe Sues Discovery for $2…

Inside This Report Mike Rowe is suing Discovery, claiming the…

By – Samuel Lopez
America July 3, 2026
7-Eleven Sues Nike Over Alleged Air…

INSIDE THIS REPORT Nike faces a federal trademark lawsuit over…

By – Samuel Lopez
America July 3, 2026
16 Children Rescued From Ohio Home…

16 Children have been rescued from what Ohio authorities describe…

By – Jackie Allen
Health July 2, 2026
The Hidden Science Behind Why Your…

For millions of people, the first conscious act of the…

By – Tyler Brooks
Health July 2, 2026
The High Cost of the Infinite…

A significant legal chapter is closing for one of the…

By – Tyler Brooks
Health July 2, 2026
Kentucky Medicaid Alert How The Upcoming…

A significant change is arriving for thousands of Kentucky residents…

By – Tyler Brooks
Health June 29, 2026
Everything You Need to Know About…

As the calendar turns to July 1, residents of Georgia…

By – Tyler Brooks
Breaking News June 26, 2026
Trump Seeks $1.4 Billion as Congo…

The Trump Ebola funding request would provide more than $1.4…

By – Michallie Harrison
Health June 25, 2026
Temperatures in France were higher than…

The images coming out of Europe this week are nothing…

By – Tyler Brooks
America July 2, 2026
Taylor Swift Wedding Reports Claim Private…

Taylor Swift Wedding speculation intensified after reports claimed that pop…

By – Jackie Allen
High Profile Court Cases July 2, 2026
Justice Served as Former NFL Scout…

The Nashville courtroom fell silent this Wednesday as a jury…

By – Tyler Brooks
America June 29, 2026
Stonewall Riots: An Uprising That Changed…

The Stonewall Riots marked one of the most significant turning…

By – Jackie Allen
Sports June 26, 2026
USMNT Lost to Turkey at 90+8.…

Kaan Ayhan’s goal came in the 90th minute, plus eight.…

By – Nicolas Carreno
Entertainment June 25, 2026
Tears, Goals, and the Siuuu: IShowSpeed’s…

The 2026 FIFA World Cup has been a rollercoaster of…

By – Tyler Brooks
America June 22, 2026
World Cup History Made as Lionel…

World Cup history was made Monday afternoon in Arlington, Texas,…

By – Jackie Allen

No posts found.

No posts found.

Signup for the USA Herald
exclusive Newsletter