Belgian security researcher Mathy Vanhoef disclosed the details of a multiple vulnerabilities, tracked as FragAttacks, that affect WiFi devices exposed them to remote attacks. Some the flaws discovered by the experts date back as far back as 1997.
The vulnerabilities could be exploited by an attacker within a device’s WiFi radio range to steal info from it and also execute malicious code. The devices were exposed to the FragAttacks even if they were using WiFi security protocols such as WEP, WPA, and WPA3.
The issues impact all Wi-Fi security protocols, according to Vanhoef, more than 75 tested Wi-Fi devices were affected by at least one of the FragAttacks flaws, and in the majority of the cases, the devices were vulnerable to multiple vulnerabilities.
“This website presents FragAttacks (fragmentation and aggregation attacks) which is a collection of new security vulnerabilities that affect Wi-Fi devices. An adversary that is within radio range of a victim can abuse these vulnerabilities to steal user information or attack devices. Three of the discovered vulnerabilities are design flaws in the Wi-Fi standard and therefore affect most devices.” reads the website FragAttacks. “On top of this, several other vulnerabilities were discovered that are caused by widespread programming mistakes in Wi-Fi products. Experiments indicate that every Wi-Fi product is affected by at least one vulnerability and that most products are affected by several vulnerabilities.”
The expert discovered three design flaws in the 802.11 standard that underpins WiFi along with common implementation flaws related to aggregation and fragmentation.
The vulnerabilities affect all major operating systems, including Windows, Linux, Android, macOS, and iOS. All The APs that were tested by the experts were also found vulnerable, including professional APs. Vanhoef pointed out that only NetBSD and OpenBSD were not impacted because they do not support the reception of A-MSDUs.
The following video shows three examples of how a threat actor can exploit the vulnerabilities.
“As the demo illustrates, the Wi-Fi flaws can be abused in two ways. First, under the right conditions they can be abused to steal sensitive data. Second, an adversary can abuse the Wi-Fi flaws to attack devices in someone’s home network.” continues the expert. “The biggest risk in practice is likely the ability to abuse the discovered flaws to attack devices in someone’s home network. For instance, many smart home and internet-of-things devices are rarely updated, and Wi-Fi security is the last line of defense that prevents someone from attacking these devices. Unfortunately, due to the discover vulnerabilities, this last line of defense can now be bypassed. In the demo above, this is illustrated by remotely controlling a smart power plug and by taking over an outdated Windows 7 machine. The Wi-Fi flaws can also be abused to exfiltrate transmitted data.”
Summarizing, the design flaws discovered by the expert are:
while the implementation vulnerabilities are:
and other implementation flaws found by the researcher are:
The expert notified affected vendors and has given 9 months to address the issues.
Vanhoef also released a research paper and an open source tool that can be used to determine if Wi-Fi clients and access points are vulnerable to FragAttacks.
Please vote Security Affairs as Best Personal cybersecurity Blog
Follow me on Twitter: @securityaffairs and Facebook
|[adrotate banner=”9″]||[adrotate banner=”12″]|
(SecurityAffairs – hacking, FragAttacks )