Soldato
- Joined
- 1 May 2003
- Posts
- 11,198
A Belgian security researcher specializing in Wi-Fi bugs has unearthed a clutch of new ones, which affect the Wi-Fi standard itself.
FragAttacks (short for FRgmentation and AGgregation attacks), the weaknesses impact all Wi-Fi security protocols, from Wired Equivalent Privacy (WEP) all the way to Wi-Fi Protected Access 3 (WPA3), thus virtually putting almost every wireless-enabled device at risk of attack.
"An adversary that is within radio range of a victim can abuse these vulnerabilities to steal user information or attack devices," Mathy Vanhoef, a security academic at New York University Abu Dhabi, said. "Experiments indicate that every Wi-Fi product is affected by at least one vulnerability and that most products are affected by several vulnerabilities."
IEEE 802.11 provides the basis for all modern devices using the Wi-Fi family of network protocols, allowing laptops, tablets, printers, smartphones, smart speakers, and other devices to communicate with each other and access the Internet via a wireless router.
According to Vanhoef, the issues stem from "widespread" programming mistakes encoded in the implementation of the standard, with some flaws dating all the way back to 1997. The vulnerabilities have to do with the way the standard fragments and aggregates frames, allowing threat actors to inject arbitrary packets and trick a victim into using a malicious DNS server, or forge the frames to siphon data.
The list of 12 flaws is as follows —
FragAttacks mitigation
If your device vendor hasn't yet released security updates addressing the FragAttacks bugs, you can still mitigate some of the attacks.
This can be done by ensuring that all websites and online services you visit use Hypertext Transfer Protocol Secure (HTTPS) protocol (by installing the HTTPS Everywhere web browser extension, for instance.
https://youtu.be/88YZ4061tYw
https://www.fragattacks.com/
What To Do if Your Device Isn’t Patched Yet
Using a VPN can prevent attacks where an adversary is trying to exfiltrate data, but it won’t prevent an attacker from bypassing your router’s NAT/firewall to directly attack devices.
General security best practices:
Update your devices, including IoT/smart devices, which don’t all receive regular updates
Don’t reuse your passwords
Back up important data
Keep off of dicey websites (common sense)
Double-check that websites you visit use HTTPS, or better yet, install the HTTPS Everywhere plugin, which forces HTTPS usages on websites that are known to support it
Manually configure your DNS server to prevent poisoning.
FragAttacks (short for FRgmentation and AGgregation attacks), the weaknesses impact all Wi-Fi security protocols, from Wired Equivalent Privacy (WEP) all the way to Wi-Fi Protected Access 3 (WPA3), thus virtually putting almost every wireless-enabled device at risk of attack.
"An adversary that is within radio range of a victim can abuse these vulnerabilities to steal user information or attack devices," Mathy Vanhoef, a security academic at New York University Abu Dhabi, said. "Experiments indicate that every Wi-Fi product is affected by at least one vulnerability and that most products are affected by several vulnerabilities."
IEEE 802.11 provides the basis for all modern devices using the Wi-Fi family of network protocols, allowing laptops, tablets, printers, smartphones, smart speakers, and other devices to communicate with each other and access the Internet via a wireless router.
According to Vanhoef, the issues stem from "widespread" programming mistakes encoded in the implementation of the standard, with some flaws dating all the way back to 1997. The vulnerabilities have to do with the way the standard fragments and aggregates frames, allowing threat actors to inject arbitrary packets and trick a victim into using a malicious DNS server, or forge the frames to siphon data.
The list of 12 flaws is as follows —
- CVE-2020-24588: Accepting non-SPP A-MSDU frames
- CVE-2020-24587: Reassembling fragments encrypted under different keys
- CVE-2020-24586: Not clearing fragments from memory when (re)connecting to a network
- CVE-2020-26145: Accepting plaintext broadcast fragments as full frames (in an encrypted network)
- CVE-2020-26144: Accepting plaintext A-MSDU frames that start with an RFC1042 header with EtherType EAPOL (in an encrypted network)
- CVE-2020-26140: Accepting plaintext data frames in a protected network
- CVE-2020-26143: Accepting fragmented plaintext data frames in a protected network
- CVE-2020-26139: Forwarding EAPOL frames even though the sender is not yet authenticated
- CVE-2020-26146: Reassembling encrypted fragments with non-consecutive packet numbers
- CVE-2020-26147: Reassembling mixed encrypted/plaintext fragments
- CVE-2020-26142: Processing fragmented frames as full frames
- CVE-2020-26141: Not verifying the TKIP MIC of fragmented frames
FragAttacks mitigation
If your device vendor hasn't yet released security updates addressing the FragAttacks bugs, you can still mitigate some of the attacks.
This can be done by ensuring that all websites and online services you visit use Hypertext Transfer Protocol Secure (HTTPS) protocol (by installing the HTTPS Everywhere web browser extension, for instance.
https://youtu.be/88YZ4061tYw
https://www.fragattacks.com/
What To Do if Your Device Isn’t Patched Yet
Using a VPN can prevent attacks where an adversary is trying to exfiltrate data, but it won’t prevent an attacker from bypassing your router’s NAT/firewall to directly attack devices.
General security best practices:
Update your devices, including IoT/smart devices, which don’t all receive regular updates
Don’t reuse your passwords
Back up important data
Keep off of dicey websites (common sense)
Double-check that websites you visit use HTTPS, or better yet, install the HTTPS Everywhere plugin, which forces HTTPS usages on websites that are known to support it
Manually configure your DNS server to prevent poisoning.