"FragAttacks" Wi-Fi vulnerabilities affect millions of devices

News was recently released of a series of newly discovered vulnerabilities that affect practically all Wi-Fi-enabled devices, date back more than 20 years, and allow an attacker within radio range to steal data.

This series of vulnerabilities was discovered by security researcher Mathy Vanhoef; they are collectively called "FragAttacks" (fragmentation and aggregation attacks).

"Three of the vulnerabilities discovered are design flaws in the WiFi standard and therefore affect most devices," said Mathy Vanhoef, the Belgian security and academic researcher who discovered Frag Attacks.

The rest are vulnerabilities caused "by widespread programming errors [in the implementation of the WiFi standard] in WiFi products," Vanhoef said.

"Experiments indicate that every WiFi product is affected by at least one vulnerability and that most products are affected by multiple vulnerabilities," said Vanhoef, who is also scheduled to give an in-depth talk on his findings later this year, in August, at the USENIX Security '21 conference.

As mentioned, three of the vulnerabilities are design flaws in the Wi-Fi standard itself and therefore affect most devices, while the remaining vulnerabilities are the result of programming errors in specific Wi-Fi products.

Exploiting these vulnerabilities allows an attacker within radio range to attack devices in various ways. In one example, an attacker can inject plaintext frames into any secure Wi-Fi network. In another, an attacker can intercept traffic by tricking the victim into using a malicious DNS server.

Vanhoef notes that his experiments indicate that every Wi-Fi product is affected by at least one vulnerability and that most products are affected by several. He tested a range of devices, including popular smartphones from Google, Apple, Samsung and Huawei, computers from Micro-Star International (MSI), Dell and Apple, and IoT devices from Canon and Xiaomi, among others.

There is no evidence that the vulnerabilities have been exploited in the wild. Addressing the report, the Wi-Fi Alliance said the vulnerabilities are mitigated through routine device updates that enable detection of suspect transmissions or improve adherence to recommended security implementation practices.

"FragAttacks is a classic example of how software can have both design vulnerabilities and execution vulnerabilities," 

"Before someone starts a code editor, the design phase should include secure design principles driven by threat modeling... During deployment and testing, automated security testing tools help locate security vulnerabilities so they can be fixed before launch."

The vulnerabilities are cataloged as follows:

WiFi standard design flaws

  • CVE-2020-24588: Aggregation attack (accepting non-SPP A-MSDU frames).
  • CVE-2020-24587: Mixed key attack (reassembling fragments encrypted under different keys).
  • CVE-2020-24586: Fragment cache attack (not clearing fragments from memory when (re)connecting to a network).

Implementation flaws of the WiFi standard

  • CVE-2020-26145: Accepting plaintext broadcast fragments as full frames (in an encrypted network).
  • CVE-2020-26144: Accepting plaintext A-MSDU frames that start with an RFC 1042 header with EtherType EAPOL (in an encrypted network).
  • CVE-2020-26140: Accepting plaintext data frames in a protected network.
  • CVE-2020-26143: Accepting fragmented plaintext data frames in a protected network.

Other implementation failures

  • CVE-2020-26139: Forwarding EAPOL frames even though the sender is not yet authenticated (should only affect APs).
  • CVE-2020-26146: Reassembling encrypted fragments with non-consecutive packet numbers.
  • CVE-2020-26147: Reassembling mixed encrypted/plaintext fragments.
  • CVE-2020-26142: Processing fragmented frames as full frames.
  • CVE-2020-26141: Not verifying the TKIP MIC of fragmented frames.
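Most of the fragmentation entries in the list above come down to checks a receiver should perform, but many implementations did not. The following is an added example, not code from Vanhoef's FragAttacks project or from any vendor: a simplified receiver-side fragment reassembler that enforces those checks, with the relevant CVE noted at each one. The `Frame` record is an assumption of this example (sequence number, fragment number, More Fragments bit, Protected bit, CCMP/GCMP packet number, an identifier of the decryption key, and the decrypted payload); it does no real 802.11 parsing or cryptography. The sample frames in `run_scenarios` are constructed, not captured traffic. The aggregation (CVE-2020-24588), EAPOL (CVE-2020-26139, CVE-2020-26144) and TKIP MIC (CVE-2020-26141) issues are outside what it models.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Frame:
    """Simplified 802.11 data frame (assumed fields): only what fragment handling looks at."""
    seq: int                # sequence number, shared by all fragments of one MSDU
    frag: int               # fragment number (0 for the first fragment)
    more_frags: bool        # More Fragments bit of the Frame Control field
    protected: bool         # Protected bit: payload was CCMP/GCMP encrypted
    pn: Optional[int]       # CCMP/GCMP packet number (None for plaintext frames)
    key_id: Optional[int]   # identifier of the key used for decryption (None if plaintext)
    payload: bytes          # decrypted fragment payload


@dataclass
class Pending:
    """State of a partially reassembled MSDU."""
    next_frag: int
    last_pn: Optional[int]
    key_id: Optional[int]
    protected: bool
    parts: List[bytes] = field(default_factory=list)


class FragmentReassembler:
    """Receiver-side reassembly that rejects the fragment abuses FragAttacks describes."""

    def __init__(self, network_protected: bool = True):
        self.network_protected = network_protected
        self.cache: Dict[int, Pending] = {}  # seq -> partially reassembled MSDU

    def on_reconnect(self) -> None:
        # CVE-2020-24586: fragments injected before (re)association must not be
        # combined with fragments received after the handshake, so drop them all.
        self.cache.clear()

    def receive(self, f: Frame) -> Tuple[Optional[bytes], str]:
        """Process one frame; returns (reassembled MSDU or None, reason string)."""
        pend = self.cache.get(f.seq)

        if pend is not None and f.frag > 0 and f.protected != pend.protected:
            # CVE-2020-26147: never mix encrypted and plaintext fragments of one MSDU.
            del self.cache[f.seq]
            return None, "drop: mixed encrypted/plaintext fragments"

        if self.network_protected and not f.protected:
            # CVE-2020-26140 / CVE-2020-26143: plaintext data frames, fragmented
            # or not, are dropped on a protected network.
            self.cache.pop(f.seq, None)
            return None, "drop: plaintext frame on protected network"

        if f.frag == 0:
            if not f.more_frags:
                return f.payload, "ok: unfragmented frame"
            # First fragment: start a new MSDU, replacing any stale one with this seq.
            self.cache[f.seq] = Pending(1, f.pn, f.key_id, f.protected, [f.payload])
            return None, "pending: first fragment"

        if pend is None:
            # CVE-2020-26142: a lone non-first fragment is never a full frame.
            return None, "drop: fragment without a first fragment"

        if f.frag != pend.next_frag:
            del self.cache[f.seq]
            return None, "drop: out-of-order fragment"

        if f.key_id != pend.key_id:
            # CVE-2020-24587 (mixed key attack): every fragment of an MSDU must
            # have been decrypted under the same key; after a rekey, abandon it.
            del self.cache[f.seq]
            return None, "drop: fragments encrypted under different keys"

        if pend.last_pn is not None and f.pn != pend.last_pn + 1:
            # CVE-2020-26146: fragments of one MSDU carry consecutive packet numbers.
            del self.cache[f.seq]
            return None, "drop: non-consecutive packet number"

        pend.parts.append(f.payload)
        pend.next_frag += 1
        pend.last_pn = f.pn
        if f.more_frags:
            return None, "pending: fragment accepted"
        del self.cache[f.seq]
        return b"".join(pend.parts), "ok: reassembled"


def run_scenarios() -> Dict[str, str]:
    """Constructed sample frames (not captured traffic) exercising each check."""
    r = FragmentReassembler(network_protected=True)
    out: Dict[str, str] = {}
    # Legitimate two-fragment MSDU: same key, consecutive packet numbers.
    r.receive(Frame(10, 0, True, True, 100, 1, b"GET /index.html "))
    msdu, out["legit"] = r.receive(Frame(10, 1, False, True, 101, 1, b"HTTP/1.1"))
    out["legit_payload"] = msdu.decode()
    # Mixed key attack: second fragment was decrypted under a different key.
    r.receive(Frame(11, 0, True, True, 200, 1, b"first half "))
    _, out["mixed_key"] = r.receive(Frame(11, 1, False, True, 201, 2, b"second half"))
    # Replayed fragment from elsewhere in the stream: packet number gap.
    r.receive(Frame(12, 0, True, True, 300, 1, b"a"))
    _, out["pn_gap"] = r.receive(Frame(12, 1, False, True, 305, 1, b"b"))
    # Plaintext fragment injected behind an encrypted first fragment.
    r.receive(Frame(13, 0, True, True, 400, 1, b"a"))
    _, out["mixed_plain"] = r.receive(Frame(13, 1, False, False, None, None, b"evil"))
    # Fragment cache attack: first fragment left over from before a reconnect.
    r.receive(Frame(14, 0, True, True, 500, 1, b"stale "))
    r.on_reconnect()
    _, out["cache"] = r.receive(Frame(14, 1, False, True, 501, 1, b"fresh"))
    return out
```

Each rejected scenario in `run_scenarios` corresponds to one of the entries above; a real driver would perform the same checks in its decryption and reassembly path, where the packet number and key are known rather than handed in as fields.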

Finally, if you are interested in learning more about it, you can consult the following link.
