Different vulnerabilities affect devices in different ways. They often allow cybercriminals to infiltrate vulnerable systems to steal sensitive information or compromise devices. Recently, cybersecurity researcher Mathy Vanhoef uncovered a set of critical vulnerabilities, tracked as FragAttacks, that affect devices connected to Wi-Fi, exposing millions of Wi-Fi users to potential remote attacks.
What is a FragAttack?
Vanhoef named the set FragAttacks because the vulnerabilities combine fragmentation and aggregation attacks. Any attacker within radio range of a victim's Wi-Fi network can abuse these flaws. He found that most Wi-Fi devices are affected by several of the vulnerabilities, and that every Wi-Fi device is vulnerable to at least one of them.
Vulnerabilities Detected
The researcher discovered multiple vulnerabilities: three design flaws, four implementation vulnerabilities, and five other critical flaws caused by widespread programming mistakes in Wi-Fi products. Vanhoef tested more than 75 Wi-Fi devices, including computers from Dell and Apple; mobile products from Huawei, Google, Samsung, and Apple; IoT devices from Xiaomi and Canon; and routers from Asus, Linksys, and D-Link.
These bugs affect all Wi-Fi security protocols, from the original Wired Equivalent Privacy (WEP) to the latest Wi-Fi Protected Access 3 (WPA3). The detected vulnerabilities, with CVSS scores between 4.8 and 6.5, include:
- CVE-2020-24588: Aggregation attack (accepting non-SPP A-MSDU frames).
- CVE-2020-24587: Mixed key attack (reassembling fragments encrypted under different keys).
- CVE-2020-24586: Fragment cache attack (not clearing fragments from memory when (re)connecting to a network).
- CVE-2020-26145: Accepting plaintext broadcast fragments as full frames (in an encrypted network).
- CVE-2020-26144: Accepting plaintext A-MSDU frames that start with an RFC1042 header with EtherType EAPOL (in an encrypted network).
- CVE-2020-26140: Accepting plaintext data frames in a protected network.
- CVE-2020-26143: Accepting fragmented plaintext data frames in a protected network.
- CVE-2020-26139: Forwarding EAPOL frames even though the sender is not yet authenticated (should only affect APs).
- CVE-2020-26146: Reassembling encrypted fragments with non-consecutive packet numbers.
- CVE-2020-26147: Reassembling mixed encrypted/plaintext fragments.
- CVE-2020-26142: Processing fragmented frames as full frames.
- CVE-2020-26141: Not verifying the TKIP MIC of fragmented frames.
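Several of the listed flaws are failures of the same receiver-side logic: the fragment reassembly path. The model below, an added example that is not Vanhoef's code or any real Wi-Fi driver, shows the checks a hardened receiver applies for the fragment cache (CVE-2020-24586), mixed key (CVE-2020-24587), non-consecutive packet number (CVE-2020-26146) and plaintext fragment (CVE-2020-26143, CVE-2020-26147) conditions. The `Fragment` fields and the `HardenedReassembler` class are assumptions made for illustration; real drivers carry these values inside the 802.11 header and the CCMP/GCMP nonce.

```python
from dataclasses import dataclass

@dataclass
class Fragment:                 # assumed model of one decrypted 802.11 fragment
    key_id: int                 # which pairwise/group key decrypted this fragment
    pn: int                     # CCMP/GCMP packet number (replay counter)
    frag_no: int                # fragment number inside the frame
    more_frags: bool            # "more fragments" flag from the frame control field
    encrypted: bool             # False models a fragment that arrived in plaintext
    payload: bytes

class HardenedReassembler:
    def __init__(self):
        self.cache = {}         # sender address -> fragments collected so far

    def reconnect(self):
        # CVE-2020-24586: no cached fragment may survive a (re)connection.
        self.cache.clear()

    def _reject(self, sender, reason):
        self.cache.pop(sender, None)   # drop the partial frame, never reuse it
        raise ValueError(reason)

    def receive(self, sender, frag):
        """Return the reassembled payload when a frame completes, else None."""
        if not frag.encrypted:
            # CVE-2020-26143 / CVE-2020-26147: plaintext fragments in a protected network
            self._reject(sender, "plaintext fragment in protected network")
        pending = self.cache.get(sender, [])
        if frag.frag_no == 0:
            pending = [frag]
        else:
            if not pending:
                self._reject(sender, "fragment without preceding fragment 0")
            last = pending[-1]
            if frag.frag_no != last.frag_no + 1:
                self._reject(sender, "out-of-order fragment number")
            if frag.key_id != last.key_id:
                # CVE-2020-24587: fragments of one frame must share a key
                self._reject(sender, "fragments encrypted under different keys")
            if frag.pn != last.pn + 1:
                # CVE-2020-26146: fragments must carry consecutive packet numbers
                self._reject(sender, "non-consecutive packet numbers")
            pending = pending + [frag]
        if frag.more_frags:
            self.cache[sender] = pending
            return None
        self.cache.pop(sender, None)
        return b"".join(f.payload for f in pending)
```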
How Attackers Can Exploit these Flaws
The researcher also provided a demo video showing how an adversary can abuse the vulnerabilities to intercept sensitive information, exploit insecure IoT devices remotely, and launch advanced cyberattacks.
Vanhoef stated that many of the affected vendors have released updates that fix these vulnerabilities. Hence, it is highly recommended to update all your connected devices to reduce the risk.
“The biggest risk in practice is likely the ability to abuse the discovered flaws to attack devices in someone’s home network. For instance, many smart homes and internet-of-things devices are rarely updated, and Wi-Fi security is the last line of defense that prevents someone from attacking these devices. Unfortunately, due to the discovered vulnerabilities, this last line of defense can now be bypassed,” Vanhoef added.