Thursday, November 30, 2023

FragAttacks – New Security Vulnerabilities Affect Billions of Wi-Fi Devices

Mathy Vanhoef, a cybersecurity researcher from Belgium, recently discovered a set of vulnerabilities that he named “FragAttacks.” All of these flaws are a blend of fragmentation and aggregation attacks.

The discovered flaws affect computer systems with Wi-Fi connectivity, which means that millions of users are at risk.

These vulnerabilities affect all Wi-Fi security protocols, from the original WEP up to the latest WPA3 specification.

Mathy claimed that some of these vulnerabilities have been present since 1997, and that they affect all Wi-Fi-capable computer systems released in the last 24 years.

However, Vanhoef also stressed that most of the flaws are very difficult to exploit: most of them require user interaction, which makes it hard for a threat actor to take advantage of them.

Vulnerabilities Detected

The detected vulnerabilities are listed below; all of them have CVSS scores between 4.8 and 6.5.

  • CVE-2020-24588: Aggregation attack (accepting non-SPP A-MSDU frames).
  • CVE-2020-24587: Mixed key attack (reassembling fragments encrypted under different keys).
  • CVE-2020-24586: Fragment cache attack (not clearing fragments from memory when (re)connecting to a network).
  • CVE-2020-26145: Accepting plaintext broadcast fragments as full frames (in an encrypted network).
  • CVE-2020-26144: Accepting plaintext A-MSDU frames that start with an RFC1042 header with EtherType EAPOL (in an encrypted network).
  • CVE-2020-26140: Accepting plaintext data frames in a protected network.
  • CVE-2020-26143: Accepting fragmented plaintext data frames in a protected network.
  • CVE-2020-26139: Forwarding EAPOL frames even though the sender is not yet authenticated (should only affect APs).
  • CVE-2020-26146: Reassembling encrypted fragments with non-consecutive packet numbers.
  • CVE-2020-26147: Reassembling mixed encrypted/plaintext fragments.
  • CVE-2020-26142: Processing fragmented frames as full frames.
  • CVE-2020-26141: Not verifying the TKIP MIC of fragmented frames.

Attack Vectors

Aggregation attack: This flaw exists in frame aggregation, a feature that combines small frames into larger ones to improve network speed. Because of this feature, each frame carries a header flag that identifies whether it is an aggregated frame or not.

Mathy Vanhoef points out that this “aggregated” flag in the header is not protected, so by modifying it an attacker can intercept traffic.
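To show why it matters whether the aggregation flag is authenticated, here is an added example that is not code from the article or from the FragAttacks research. It models a protected frame with a toy HMAC standing in for the real CCMP/GCMP MIC; the AAD layout, the `spp` switch, the `protect`/`verify` helpers and the demo key are assumptions of this model, not the exact 802.11 construction. In the non-SPP case the A-MSDU bit is left out of the authenticated data, so the receiver cannot tell that it changed; with SPP A-MSDU the bit is covered and the integrity check fails.

```python
import hashlib
import hmac

# Constructed demo key standing in for the session key; not a real PTK.
DEMO_KEY = b"constructed-demo-key-not-a-real-ptk"

def compute_mic(aad: bytes, payload: bytes, key: bytes = DEMO_KEY) -> bytes:
    """Toy stand-in for the CCMP/GCMP MIC: an HMAC over the additional
    authenticated data (AAD) and the payload. Any header field left out of
    the AAD can change in transit without the MIC noticing."""
    return hmac.new(key, aad + payload, hashlib.sha256).digest()[:8]

def aad_for(amsdu_flag: bool, spp: bool) -> bytes:
    """Simplified model of the AAD (an assumption, not the exact 802.11 layout).
    With SPP A-MSDU the A-MSDU-present bit of the QoS control field is part
    of the AAD; without SPP that bit is masked out before authentication."""
    base = b"addr1|addr2|addr3|seqctl"
    if spp:
        return base + (b"|amsdu=1" if amsdu_flag else b"|amsdu=0")
    return base + b"|amsdu=masked"

def protect(payload: bytes, amsdu_flag: bool, spp: bool) -> dict:
    """Sender side: emit the frame with its header flag and MIC."""
    return {
        "amsdu": amsdu_flag,
        "payload": payload,
        "mic": compute_mic(aad_for(amsdu_flag, spp), payload),
    }

def verify(frame: dict, spp: bool) -> bool:
    """Receiver side: recompute the MIC from the header flag as received."""
    expected = compute_mic(aad_for(frame["amsdu"], spp), frame["payload"])
    return hmac.compare_digest(expected, frame["mic"])

def flag_change_detected(spp: bool) -> bool:
    """Protect an ordinary (non-aggregated) frame, simulate its A-MSDU flag
    being altered on the way to the receiver, and report whether the
    receiver's integrity check catches the change."""
    frame = protect(b"ordinary data frame", amsdu_flag=False, spp=spp)
    tampered = dict(frame, amsdu=True)  # flag altered, MIC left untouched
    return not verify(tampered, spp)

if __name__ == "__main__":
    print("non-SPP A-MSDU, flag change detected:", flag_change_detected(spp=False))
    print("SPP A-MSDU, flag change detected:    ", flag_change_detected(spp=True))
```

The receiver-side lesson is the one the patches implement: a device that only accepts SPP A-MSDU frames (or treats the flag as untrusted) no longer lets an unauthenticated header bit decide how the payload is parsed.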

Mixed key attack: This attack occurs in frame fragmentation, which divides a large frame into smaller pieces to improve the reliability of the connection, and it concerns the encryption key used for those fragments.

All fragments of one frame should be protected under a common encryption key, but the key is chosen on the sending device's side, and the receiving Wi-Fi side has no process for verifying that every fragment was encrypted under the same key.

So the fragments are reassembled regardless of which key protected each of them, and data can be leaked by passing a fragment encrypted under a key that is different from the original one.

Fragment cache attack: This vulnerability also exists in frame fragmentation: when a client disconnects from the network, incomplete fragments are left undeleted in the memory of Wi-Fi devices.

Using this behaviour, an attacker can place a malicious fragment in the memory of the access point, which can then be forcibly merged with a fragment that is later sent by the recipient.
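The mixed key and fragment cache attacks described above, together with the related entries in the CVE list (non-consecutive packet numbers, plaintext fragments in a protected network, mixed encrypted/plaintext fragments), all come down to what a receiver checks before joining fragments. The following added example is not code from the article or from any Wi-Fi driver: it models a receiver with a weak policy beside a hardened one. The `Fragment` fields, the `Reassembler` class and the constructed fragment sequences are simplifications made for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Fragment:
    """Constructed model of one received 802.11 data fragment after decryption."""
    seq: int                  # sequence number shared by all fragments of a frame
    frag: int                 # fragment number, starting at 0
    more_frags: bool          # True unless this is the last fragment
    protected: bool           # False if the fragment arrived unencrypted
    key_id: Optional[int]     # which key decrypted it (None for plaintext)
    pn: Optional[int]         # CCMP/GCMP packet number (None for plaintext)
    data: bytes

@dataclass
class Reassembler:
    """Fragment reassembly under two policies.
    strict=False mirrors the weak behaviour the article describes: fragments
    are joined by sequence number alone and the cache survives reconnects.
    strict=True applies the checks that close the listed weaknesses."""
    strict: bool
    cache: Dict[int, List[Fragment]] = field(default_factory=dict)

    def on_connect(self) -> None:
        # A hardened receiver forgets partial frames when (re)connecting
        # (fragment cache attack); the weak one keeps them.
        if self.strict:
            self.cache.clear()

    def receive(self, f: Fragment) -> Optional[bytes]:
        """Return the reassembled frame once complete, otherwise None.
        Raises ValueError when the strict policy rejects the fragment."""
        if self.strict:
            self._check(f)
        self.cache.setdefault(f.seq, []).append(f)
        if f.more_frags:
            return None
        return b"".join(x.data for x in self.cache.pop(f.seq))

    def _check(self, f: Fragment) -> None:
        if not f.protected:
            raise ValueError("plaintext fragment in a protected network")
        prev = self.cache.get(f.seq)
        if not prev:
            if f.frag != 0:
                raise ValueError("fragment without a first fragment")
            return
        last = prev[-1]
        if f.key_id != last.key_id:          # mixed key attack
            raise ValueError("fragments encrypted under different keys")
        if f.pn != last.pn + 1:              # CVE-2020-26146 class of problem
            raise ValueError("non-consecutive packet numbers")
        if f.frag != last.frag + 1:
            raise ValueError("out-of-order fragment number")

def run(strict: bool, fragments: List[Fragment],
        reconnect_before: Optional[int] = None) -> Tuple[str, object]:
    """Feed constructed fragments to a receiver, optionally simulating a
    (re)connect just before fragment index `reconnect_before`."""
    r = Reassembler(strict)
    r.on_connect()
    for i, f in enumerate(fragments):
        if i == reconnect_before:
            r.on_connect()
        try:
            out = r.receive(f)
        except ValueError as e:
            return ("rejected", str(e))
        if out is not None:
            return ("delivered", out)
    return ("pending", None)

# Constructed fragment sequences (not captured traffic).
def head_frag(key_id: int, pn: int, protected: bool = True) -> Fragment:
    return Fragment(seq=7, frag=0, more_frags=True, protected=protected,
                    key_id=key_id if protected else None,
                    pn=pn if protected else None, data=b"hello ")

def tail_frag(key_id: int, pn: int) -> Fragment:
    return Fragment(seq=7, frag=1, more_frags=False, protected=True,
                    key_id=key_id, pn=pn, data=b"world")

NORMAL    = [head_frag(1, 10), tail_frag(1, 11)]
MIXED_KEY = [head_frag(1, 10), tail_frag(2, 11)]   # second fragment under another key
PN_GAP    = [head_frag(1, 10), tail_frag(1, 42)]   # packet numbers not consecutive
PLAINTEXT = [head_frag(1, 10, protected=False), tail_frag(1, 11)]

if __name__ == "__main__":
    for name, seq in [("normal", NORMAL), ("mixed key", MIXED_KEY),
                      ("pn gap", PN_GAP), ("plaintext", PLAINTEXT)]:
        print(f"{name:10} weak={run(False, seq)}  strict={run(True, seq)}")
    print("stale cache weak   =", run(False, NORMAL, reconnect_before=1))
    print("stale cache strict =", run(True, NORMAL, reconnect_before=1))
```

The weak receiver delivers every sequence, including the one whose first fragment was cached before a reconnect; the strict receiver delivers only the normal sequence and names the check that failed for each of the others, which is the kind of per-fragment validation the vendor patches for these CVEs add.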


The video below demonstrates how attackers can exploit these flaws:

Moreover, some of these vulnerabilities are caused by common programming errors, and the research found that every Wi-Fi product has multiple vulnerabilities.

Some of the discovered vulnerabilities allow hackers to inject frames in plaintext. The biggest risk here is that all of these flaws can be abused to attack IoT devices.

Attacking IoT devices could be a convenient gateway for threat actors, since IoT devices are rarely updated.

Many vendors and manufacturers have already made updates available to fix these vulnerabilities; the updates were prepared under the supervision of the Wi-Fi Alliance and ICASI.

Security analysts therefore strongly recommend that all users immediately update their devices with the latest security patches released by their respective manufacturers.

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.