Security researcher Mathy Vanhoef (New York University Abu Dhabi) has discovered vulnerabilities in the global WiFi protocol standard. These affect all devices that communicate via WiFi connection - such as smartphones, tablets, computers, speaker boxes, radios, routers.
The vulnerabilities enable attacks known as "FragAttacks" or "Fragmentation and Aggregation Attacks". According to current knowledge, third parties can decrypt data from a secure WiFi connection to a limited extent or inject their own data. Two conditions must be met for this to happen. The attacker must be within range of the WiFi network and he must technically force his way into the existing connection between the WiFi access point and a device, for a so-called "man-in-the-middle" attack.
If the data itself is additionally encrypted, for example because it is retrieved from a secured website, it cannot be manipulated in this way, of course. Whether these vulnerabilities have ever actually been exploited is not known.
Since the wireless standard itself has a design weakness, it is not enough to simply use different device settings. Therefore, a software update is necessary. Deutsche Telekom takes the issue very seriously and is already working with its manufacturers and suppliers to be able to offer and use such updates. Whenever an updated software version is available for devices sold or leased by us, we immediately point this out. Devices used by Deutsche Telekom AG itself are also updated immediately to benefit from the best possible protection.
Deutsche Telekom devices with WiFi functionality usually install available updates automatically or at least prompt the user to install them. Deutsche Telekom WiFi routers of the Speedport series receive an update automatically if the free "Easy Support" service is activated in the device. More info
