IT researcher finds widespread flaws in Wi-Fi security
Hackers could exploit vulnerabilities in millions of devices

A cyber security researcher known for finding vulnerabilities in Wi-Fi security has discovered new flaws embedded in millions of Wi-Fi devices over the past two decades.
Hackers could theoretically use these vulnerabilities to steal data or take over smart home devices equipped with Wi-Fi. However, experts believe the actual risk for most Wi-Fi users is relatively small.
Belgian Mathy Vanhoef found the security flaws and calls them “frag attacks.”
Vanhoef is well-known in IT security circles for discovering a major Wi-Fi security flaw he named KRACK, short for Key Reinstallation Attack. KRACK allowed hackers to steal data, including login credentials, private chats, and credit card information, transmitted over Wi-Fi networks.
In contrast, there’s no evidence hackers are carrying out “frag attacks” at this point.
The new security flaws that Vanhoef found are even present in WPA3, also known as Wi-Fi Protected Access 3, the most updated Wi-Fi security protocol. The Wi-Fi Alliance rolled out the WPA3 certification in 2018 to protect a wider range of devices from security risks.
“Even the original Wi-Fi security protocol, called WEP, is affected. This means several of the newly discovered design flaws have been part of Wi-Fi since its release in 1997,” the researcher wrote when detailing frag attacks.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
“An adversary that is within radio range of a victim can abuse these vulnerabilities to steal user information or attack devices,” Vanhoef wrote. “Three of the discovered vulnerabilities are design flaws in the Wi-Fi standard and therefore affect most devices.”
The researcher also posted a video demonstrating how the attacks work.
Fortunately, the risk is minimal for ordinary, everyday Wi-Fi users. As an additional security measure, experts advise using VPNs on public Wi-Fi hotspots and using HTTPS websites when possible.
Like with his previous “KRACK attacks” discovery, Vanhoef informed the Wi-Fi Alliance of his discovery of “frag attacks.” According to the Industry Consortium for Advancement of Security on the Internet (ICASI), Wi-Fi device manufacturers are developing fixes.
“We would like to thank Mathy Vanhoef... for identifying these issues, reporting them to industry and participating in the coordinated disclosure of these issues,” ICASI said.
-
Layoffs loom for underskilled tech workers and poor performers
News Tech hiring managers expect to make layoffs in the coming months, with roles ripe for automation and workers with outdated skills the most likely to be cut.
By Emma Woollacott
-
Executives think AI can supercharge cybersecurity teams – analysts aren’t convinced
News As organizations adopt AI, frontline cybersecurity workers are worried AI will reduce job security and increase their manual workload
By Rory Bathgate
-
Hackers are targeting Ivanti VPN users again – here’s what you need to know
News Ivanti has re-patched a security flaw in its Connect Secure VPN appliances that's been exploited by a China-linked espionage group since at least the middle of March.
By Emma Woollacott
-
Broadcom issues urgent alert over three VMware zero-days
News The firm says it has information to suggest all three are being exploited in the wild
By Solomon Klappholz
-
Nakivo backup flaw still present on some systems months after firms’ ‘silent patch’, researchers claim
News Over 200 vulnerable Nakivo backup instances have been identified months after the firm silently patched a security flaw.
By Solomon Klappholz
-
Everything you need to know about the Microsoft Power Pages vulnerability
News A severe Microsoft Power Pages vulnerability has been fixed after cyber criminals were found to have been exploiting unpatched systems in the wild.
By Solomon Klappholz
-
Vulnerability management complexity is leaving enterprises at serious risk
News Fragmented data and siloed processes mean remediation is taking too long
By Emma Woollacott
-
A critical Ivanti flaw is being exploited in the wild – here’s what you need to know
News Cyber criminals are actively exploiting a critical RCE flaw affecting Ivanti Connect Secure appliances
By Solomon Klappholz
-
Researchers claim an AMD security flaw could let hackers access encrypted data
News Using only a $10 test rig, researchers were able to pull off the badRAM attack
By Solomon Klappholz
-
A journey to cyber resilience
whitepaper DORA: Ushering in a new era of cyber security
By ITPro