Old bugs exposing all WiFi enabled devices to FragAttacks

Among 75 WiFi devices tested; all were found to be vulnerable to one of the FragAttacks.

FragAttacks- A Newly Discovered Threat

A Belgian cybersecurity researcher Mathy Vanhoef has revealed in his latest blog post that newly discovered vulnerabilities dubbed FragAttacks (fragmentation and aggregation attacks) are pervasive and put at risk all devices with WiFi.

The flaws stem from some bugs that date back to 1997. It is alarming that the vulnerabilities caused by programming issues in WiFi-enabled devices and impact all WiFi devices.

Vanhoef is the same researcher who discovered the KRACK (Key Reinstallation Attacks) vulnerabilities in 2017.

How the Attack Works?

The vulnerabilities, if exploited, allow anyone within the radio range to target devices and steal user data. However, it is quite difficult to exploit the flaws as the attack relies on relatively uncommon network settings and user interaction.

According to Vanhoef some of the flaws can be exploited to inject plaintext frames into any secure WiFi network. It is an easy method to infect a network as certain devices accept plaintext aggregated frames that seem like handshake messages, explained Vanhoef. The attacker can also intercept traffic simply by prompting the victim into using an infected DNS server.

Vanhoef tested four home routers and identified that two of them were affected by this vulnerability, as well as specific IoT devices and smartphones. He tested several devices, including Google, Apple, Samsung, and Huawei smartphones, MSI, Dell, and Apple computers, Canon and Xiaomi IoT devices, D-Link, Linksys, and Asus routers, and Cisco, Aruba, and Lancom access points.

Vulnerabilities Impact All WiFi Security Protocols

Almost all WiFi security protocols are affected by the vulnerabilities, including the old one WEP and the latest one WPA3. That’s why Vanhoef is confident that the flaws have existed since 1997.

Moreover, among 75 WiFi devices tested all were found to be vulnerable to one of the FragAttacks. Most of the tested products were affected by several vulnerabilities.

Reportedly, a dozen CVE identifiers have been assigned to FragAttack, which includes three CVEs for aggregation-related design flaws, fragment cache, and mixed key attacks, and four CVEs are assigned for implementation issues. Five CVEs are for miscellaneous implementation flaws.

Some vulnerabilities are linked to the process that allows the WiFi standard to break and reassemble network packets. This allows an attacker to inject their own malicious code and siphon data.

FargAttacks demonstration:

If you are concerned about FragAttacks and want to learn more, visit the detailed research paper and dedicated website set up by Vanhoef. Additionally, the researcher has released an open-source tool that can be used to identify if your devices are exposed to FragAttacks. You can also watch Vanhoef’s presentation at USENIX Security ’21 here.

Did you enjoy reading this article? Do like our page on Facebook and follow us on Twitter.

1 comment

Comments are closed.

Related Posts