FragAttacks – New Vulnerabilities Impact Every Device that Uses Wi-Fi
Tests Show that Every Wi-Fi Device Is Affected by at Least One Flaw and that Most Devices Are Affected By Multiple Flaws.
Security specialist Mathy Vanhoef, who identified key reinstallation attacks (KRACKs) on the WPA2 protocol (used to secure Wi-Fi communication) a few years ago, has named his newest research project FragAttacks.
FragAttacks (fragmentation and aggregation attacks) are a group of new security vulnerabilities that impact Wi-Fi devices.
As stated by the cybersecurity specialist, a dozen Wi-Fi design and implementation vulnerabilities now make it possible for threat actors to steal transferred data and bypass firewalls to attack devices on home networks.
He also said that several of the attacks are hard to abuse and require user interaction, whilst others are easy to exploit.
Patches for several affected devices and software packages have already been deployed, thanks to a nine-month coordinated responsible disclosure supervised by the Wi-Fi Alliance and the Industry Consortium for Advancement of Security on the Internet (ICASI).
Linux patches have been implemented, a kernel mailing list note states that Intel has addressed the vulnerabilities in a recent firmware update, and Microsoft released its patches in March.
Vanhoef stated in a blog post:
An adversary that is within the radio range of a victim can abuse these vulnerabilities to steal user information or attack devices.
Experiments indicate that every Wi-Fi product is affected by at least one vulnerability and that most products are affected by several vulnerabilities.
Several of the vulnerabilities allow plaintext frames to be injected: certain devices accept any unencrypted frame, or accept plaintext aggregated frames that resemble handshake messages.
The researcher showed how this could be exploited to punch a hole through a firewall and take over an unprotected Windows 7 device.
The biggest risk in practice is likely the ability to abuse the discovered flaws to attack devices in someone’s home network.
For instance, many smart home and internet-of-things devices are rarely updated, and Wi-Fi security is the last line of defense that prevents someone from attacking these devices. Unfortunately… this last line of defense can now be bypassed.
Other flaws relate to how Wi-Fi frames are fragmented and how recipients reassemble them, enabling attackers to exfiltrate information.
Even devices that do not support fragmentation are at risk.
Some devices don’t support fragmentation or aggregation but are still vulnerable to attacks because they process fragmented frames as full frames. Under the right circumstances, this can be abused to inject packets.
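As an added illustration (not code from Vanhoef's research or from this article), the toy Python model below contrasts a lenient receiver, which hands up plaintext frames and treats any fragment as a whole frame, with a hardened one that drops plaintext data on a protected link and only delivers fragments that arrive consecutively under one key. The Frame fields and the Receiver class are constructed for this model and do not correspond to any real driver.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass
class Frame:
    """Simplified view of a received 802.11 data frame (constructed model, not a parser)."""
    src: str
    seq: int          # sequence number shared by all fragments of one frame
    frag: int         # fragment number, 0 for the first (or only) fragment
    more_frags: bool  # "More Fragments" bit in the frame control field
    encrypted: bool   # False means the frame arrived as plaintext
    key_id: int       # key the frame was decrypted under; -1 for plaintext
    payload: bytes

class Receiver:
    """strict=False mimics the lenient behaviour the article describes;
    strict=True applies the checks a hardened receiver needs."""
    def __init__(self, strict: bool, protected: bool = True):
        self.strict, self.protected = strict, protected
        self.pending: Dict[Tuple[str, int], Tuple[int, List[bytes]]] = {}

    def receive(self, f: Frame) -> Optional[bytes]:
        """Return a fully reassembled payload, or None if nothing is delivered."""
        if self.strict and self.protected and not f.encrypted:
            return None  # plaintext data on a protected link is dropped, never processed
        if not self.strict:
            # Lenient: every fragment is handed up as if it were a whole frame.
            return f.payload
        if f.frag == 0 and not f.more_frags:
            return f.payload  # unfragmented frame, nothing to reassemble
        key = (f.src, f.seq)
        if f.frag == 0:
            self.pending[key] = (f.key_id, [f.payload])
            return None
        entry = self.pending.get(key)
        # Fragments must be consecutive and decrypted under one and the same key;
        # anything else discards the partial frame instead of delivering it.
        if entry is None or entry[0] != f.key_id or len(entry[1]) != f.frag:
            self.pending.pop(key, None)
            return None
        entry[1].append(f.payload)
        if f.more_frags:
            return None
        del self.pending[key]
        return b"".join(entry[1])
```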
To mount an attack based on these vulnerabilities, the attacker has to be within range of both the potential victim and the relevant Wi-Fi access point. The attacker would then have to trick the victim into downloading a picture from an adversary-controlled server.
The CVEs registered for FragAttacks have been given a medium severity rating, with CVSS scores between 4.8 and 6.5.
The Wi-Fi Alliance said that there is no evidence of these flaws being used maliciously against Wi-Fi users, and that the issues are mitigated through routine device updates that enable detection of suspicious transmissions or improve adherence to recommended security implementation practices.
According to Vanhoef, anyone with unpatched devices can protect against data exfiltration by using HTTPS connections.
To mitigate attacks where your router’s NAT/firewall is bypassed and devices are directly attacked, you must assure that all your devices are updated. Unfortunately, not all products regularly receive updates, in particular smart or internet-of-things devices, in which case it is difficult (if not impossible) to properly secure them.
The impact of the attacks can also be reduced by manually configuring your DNS server so that it cannot be tampered with. Depending on your Wi-Fi configuration, you can make the attacks less severe by disabling fragmentation, disabling dynamic fragmentation in Wi-Fi 6 (802.11ax) devices, and disabling pairwise rekeys.
Unfortunately, these attacks cannot be completely prevented.