Newly disclosed Wi-Fi security vulnerabilities, collectively known as FragAttacks (fragmentation and aggregation attacks), affect all Wi-Fi devices, including computers, smartphones, and smart devices, going back as far as 1997.
Three of the bugs are design flaws in the 802.11 standard's frame aggregation and frame fragmentation functionality and affect most devices; the rest are programming mistakes in individual Wi-Fi products.
“Experiments indicate that every Wi-Fi product is affected by at least one vulnerability and that most products are affected by several vulnerabilities,” security researcher Mathy Vanhoef (New York University Abu Dhabi), who discovered the FragAttacks bugs, said.
“The discovered vulnerabilities affect all modern security protocols of Wi-Fi, including the latest WPA3 specification. Even the original security protocol of Wi-Fi, called WEP, is affected.
“This means that several of the newly discovered design flaws have been part of Wi-Fi since its release in 1997!” Vanhoef added.
To abuse these design and implementation flaws, an attacker has to be within Wi-Fi range of the targeted device. Successful exploitation can be used to steal sensitive user data or to execute malicious code, potentially leading to full device takeover.
FragAttacks vulnerabilities’ impact
Luckily, as Vanhoef further found, “the design flaws are hard to abuse because doing so requires user interaction or is only possible when using uncommon network settings.”
However, the programming mistakes behind some of the FragAttacks vulnerabilities are trivial to exploit and would allow attackers to abuse unpatched Wi-Fi products with ease.
The three design flaws have been assigned CVE-2020-24588 (aggregation attack: the A-MSDU flag of a frame is not authenticated), CVE-2020-24587 (mixed key attack: fragments encrypted under different keys are reassembled), and CVE-2020-24586 (fragment cache attack: fragments are not cleared from memory when (re)connecting to a network). CVEs assigned to the implementation flaws include:
CVE-2020-26142: Processing fragmented frames as full frames.
CVE-2020-26141: Not verifying the TKIP MIC of fragmented frames.
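To make the fragmentation side of these flaws concrete, here is an added example, written for this article and not taken from Vanhoef's tool or any vendor's driver: a toy model of a receiver's fragment reassembly logic in which the three checks that the design-flaw fixes require (reject fragments decrypted under different keys, clear the cache on reconnect, never hand a partial frame up the stack) can be switched off one at a time. Frames are dataclasses, decryption is represented only by a key-generation tag, the payloads are constructed 13-byte halves, and the A-MSDU aggregation flaw and the TKIP MIC check are not modeled.

```python
"""Toy model of an 802.11 receiver's fragment reassembly with the FragAttacks
checks switchable on and off.

Constructed for illustration only: frames are dataclasses, "decryption" is
represented by the pairwise-key generation a fragment was received under, and
no real 802.11 or driver code is involved.
"""
from dataclasses import dataclass


@dataclass
class Fragment:
    seq: int        # sequence number; not authenticated, so an attacker can rewrite it
    frag: int       # fragment number, 0-based
    more: bool      # More Fragments flag
    key_gen: int    # generation of the pairwise key the fragment was decrypted under
    body: bytes


def fragment_msdu(seq, key_gen, msdu, frag_size):
    """Sender side: split one MSDU into fragments that share a sequence number."""
    chunks = [msdu[i:i + frag_size] for i in range(0, len(msdu), frag_size)]
    return [Fragment(seq, i, i < len(chunks) - 1, key_gen, chunk)
            for i, chunk in enumerate(chunks)]


@dataclass
class Checks:
    honor_more_frags: bool = True    # CVE-2020-26142: never deliver a partial frame
    same_key: bool = True            # CVE-2020-24587: all fragments under one key
    clear_on_reconnect: bool = True  # CVE-2020-24586: flush the cache on (re)association


class Receiver:
    def __init__(self, checks):
        self.checks = checks
        self.cache = {}  # seq -> fragments collected so far

    def reconnect(self):
        """(Re)association installs a fresh pairwise key; stale fragments must go."""
        if self.checks.clear_on_reconnect:
            self.cache.clear()

    def receive(self, f):
        """Return the reassembled MSDU when one is passed up the stack, else None."""
        frags = self.cache.setdefault(f.seq, [])
        if self.checks.same_key and frags and frags[0].key_gen != f.key_gen:
            del self.cache[f.seq]   # mixed keys: discard the whole MSDU
            return None
        if f.frag != len(frags):
            del self.cache[f.seq]   # gap or duplicate: discard and start over
            return None
        frags.append(f)
        if f.more and self.checks.honor_more_frags:
            return None             # wait for the remaining fragments
        del self.cache[f.seq]
        return b"".join(x.body for x in frags)


# Constructed payloads: 13-byte halves so the output shows where each part came from.
VICTIM = b"victim-half-1" + b"victim-half-2"
ATTACK = b"attack-half-1" + b"attack-half-2"


def legitimate_transfer(checks):
    """Baseline: a normally fragmented MSDU is reassembled with every check on."""
    rx = Receiver(checks)
    first, second = fragment_msdu(seq=1, key_gen=1, msdu=VICTIM, frag_size=13)
    rx.receive(first)
    return rx.receive(second)


def mixed_key_attack(checks):
    """CVE-2020-24587: glue a fragment sent under the old key to one sent under the
    new key after a rekey, rewriting the unauthenticated sequence number to match."""
    rx = Receiver(checks)
    old = fragment_msdu(seq=10, key_gen=1, msdu=VICTIM, frag_size=13)
    new = fragment_msdu(seq=20, key_gen=2, msdu=ATTACK, frag_size=13)
    rx.receive(old[0])
    new[1].seq = 10          # attacker makes the two fragments look like one MSDU
    return rx.receive(new[1])


def fragment_cache_attack(checks):
    """CVE-2020-24586: a fragment planted before the victim (re)connects survives in
    the cache and is joined to the victim's own second fragment. Assumed for the
    model: the victim's first fragment does not reach the receiver."""
    rx = Receiver(checks)
    rx.receive(Fragment(seq=5, frag=0, more=True, key_gen=1, body=b"attack-half-1"))
    rx.reconnect()           # victim (re)associates; receiver now uses key generation 2
    victim = fragment_msdu(seq=5, key_gen=2, msdu=VICTIM, frag_size=13)
    return rx.receive(victim[1])


def partial_frame_delivery(checks):
    """CVE-2020-26142: a first fragment with More Fragments set is delivered as if
    it were a complete frame."""
    rx = Receiver(checks)
    first, _ = fragment_msdu(seq=7, key_gen=1, msdu=VICTIM, frag_size=13)
    return rx.receive(first)
```

With `Checks()` every scenario except `legitimate_transfer` returns `None`; switching a single check off (two for the cache attack, since the planted fragment was also received under a different key) makes the corresponding attack succeed. Disabling pairwise rekeys, one of the mitigations listed on the FragAttacks website, removes the second key generation that `mixed_key_attack` depends on.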
The researcher also published a video demonstrating how an attacker could take over an unpatched Windows 7 system inside a target’s local network.
Security updates already released by some vendors
The Industry Consortium for Advancement of Security on the Internet (ICASI) says that vendors are developing patches for their products to mitigate the FragAttacks bugs.
These security updates have been prepared during a 9-month-long coordinated disclosure process supervised by ICASI and the Wi-Fi Alliance.
“There is no evidence of the vulnerabilities being used against Wi-Fi users maliciously, and these issues are mitigated through routine device updates that enable detection of suspect transmissions or improve adherence to recommended security implementation practices,” the Wi-Fi Alliance said.
“As always, Wi-Fi users should ensure they have installed the latest recommended updates from device manufacturers.”
FragAttacks mitigation
If your device vendor hasn’t yet released security updates addressing the FragAttacks bugs, you can still mitigate some of the attacks.
One way is to make sure that the websites and online services you use are reached over HTTPS (for instance, by installing the HTTPS Everywhere browser extension), so that traffic injected or intercepted at the Wi-Fi layer is still encrypted and authenticated end to end.
Additional mitigation advice available on the FragAttacks website suggests “disabling fragmentation, disabling pairwise rekeys, and disabling dynamic fragmentation in Wi-Fi 6 (802.11ax) devices.”
An open-source tool to determine if access points and Wi-Fi clients on your network are affected by the FragAttacks flaws is also available on GitHub.
In the past four years, Vanhoef also discovered the KRACK and Dragonblood attacks, which allowed attackers to decrypt the network traffic exchanged between connected Wi-Fi devices, crack Wi-Fi network passwords, forge web traffic by injecting malicious packets, and steal sensitive information.