Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

IoT Security

FragAttacks: New Vulnerabilities Expose All Devices With Wi-Fi to Attacks

FragAttacks

A researcher this week disclosed the details of a dozen design and implementation flaws that could affect all devices with Wi-Fi capabilities, exposing their users to remote attacks.

FragAttacks

A researcher this week disclosed the details of a dozen design and implementation flaws that could affect all devices with Wi-Fi capabilities, exposing their users to remote attacks.

The vulnerabilities, dubbed FragAttacks (fragmentation and aggregation attacks), were discovered by researcher Mathy Vanhoef, who was also involved in the discovery of the Key Reinstallation Attack (KRACK) vulnerabilities back in 2017.

FragAttacks can be leveraged by an attacker who is within range of the targeted Wi-Fi connection to hack devices and steal sensitive user information.

The vulnerabilities appear to impact all Wi-Fi security protocols, including WEP — this means some of the flaws have been around since 1997 — and the latest WPA3. Vanhoef said all of the more than 75 tested Wi-Fi devices were affected by at least one of the FragAttacks issues, but most of these products were impacted by multiple vulnerabilities.

Tested devices include mobile products from Huawei, Google, Samsung and Apple; computers from Dell, Apple and MSI; Xiaomi and Canon IoT devices; Asus, Linksys and D-Link routers; and Aruba, Lancom and Cisco access points.

A dozen CVE identifiers have been assigned to FragAttacks, including three CVEs for design flaws related to aggregation, mixed key and fragment cache attacks; four CVEs for implementation issues that can be exploited to inject plaintext frames into protected Wi-Fi networks; and five CVEs for various other implementation flaws.

The researcher said the design flaws are more difficult to exploit as they typically require user interaction or uncommon network settings. However, the implementation flaws are easier to leverage in attacks.

Vanhoef has shown how an attacker could use the FragAttacks design flaws to redirect the targeted user to a malicious website. However, this attack requires setting up a malicious server and a rogue Wi-Fi connection mimicking the victim’s connection, as well as user interaction (e.g. opening an email).

Advertisement. Scroll to continue reading.

Vanhoef also demonstrated how some of the implementation flaws can be exploited to take control of smart devices on the targeted network, bypass a home router firewall and gain remote access to the local network, steal a user’s information, and spy on them.

“The biggest risk in practice is likely the ability to abuse the discovered flaws to attack devices in someone’s home network. For instance, many smart home and internet-of-things devices are rarely updated, and Wi-Fi security is the last line of defense that prevents someone from attacking these devices. Unfortunately, due to the discovered vulnerabilities, this last line of defense can now be bypassed,” Vanhoef explained.

Some of the affected vendors have been notified and given 9 months to release patches. The researcher specifically mentioned patches being released by Microsoft (in March) and Linux kernel developers. Mitigations are also available for some of the vulnerabilities.

Vanhoef has set up a dedicated website for FragAttacks and also released a detailed research paper, a video showing how the vulnerabilities can be exploited in real-world attacks, and an open source tool that can be used to determine if Wi-Fi clients and access points are affected by the flaws.

Related: Kr00k Vulnerability Exposed Data From Over a Billion Wi-Fi Devices

Related: Vulnerabilities in Realtek Wi-Fi Module Expose Many Devices to Remote Attacks

Related: Qualcomm, MediaTek Wi-Fi Chips Vulnerable to Kr00k-Like Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.