Sunday, May 19, 2024

FragAttacks – New Security Vulnerabilities Affect Billions of Wi-Fi Devices

Mathy Vanhoef, a cybersecurity researcher from Belgium has recently discovered a bunch of vulnerabilities and named them “FragAttacks.” And all these flaws are just a blend of fragmentation and aggregation attacks.

The flaws that were discovered, affect the computer systems that have Wi-Fi connectivity, which means that millions of users are at risk.

All these vulnerabilities affect all Wi-Fi security protocols, including the latest WPA3 specs, and the original one, WEP is also in the range.

Mathy claimed that some of these vulnerabilities were present since 1997, and not only that even they also affect all computer systems that were released in the last 24 years with Wi-Fi connectivity.

However, the security expert, Mathy Vanhoef has claimed that it must be borne in mind that most of the flaws are very difficult to exploit. 

As most of them will require user interaction, hence, making it very difficult for a threat actor to exploit these flaws and take precedence of them.

Vulnerabilities Detected

The vulnerabilities that are detected are mentioned below, and all the flaws that we have mentioned below have CVSS scores between 4.8 and 6.5.

  • CVE-2020-24588: Aggregation attack (accepting non-SPP A-MSDU frames).
  • CVE-2020-24587: Mixed key attack (reassembling fragments encrypted under different keys).
  • CVE-2020-24586: Fragment cache attack (not clearing fragments from memory when (re)connecting to a network).
  • CVE-2020-26145: Accepting plaintext broadcast fragments as full frames (in an encrypted network).
  • CVE-2020-26144: Accepting plaintext A-MSDU frames that start with an RFC1042 header with EtherType EAPOL (in an encrypted network).
  • CVE-2020-26140: Accepting plaintext data frames in a protected network.
  • CVE-2020-26143: Accepting fragmented plaintext data frames in a protected network.
  • CVE-2020-26139: Forwarding EAPOL frames even though the sender is not yet authenticated (should only affect APs).
  • CVE-2020-26146: Reassembling encrypted fragments with non-consecutive packet numbers.
  • CVE-2020-26147: Reassembling mixed encrypted/plaintext fragments.
  • CVE-2020-26142: Processing fragmented frames as full frames.
  • CVE-2020-26141: Not verifying the TKIP MIC of fragmented frames.

Attack Vectors

Aggregation attack: This flaw exists in the Frame aggregation, and it mainly combines the small frames into large frames to improves the network speed. So, due to this feature, each frame has a header to identify whether it’s combined or not. 

But here Mathy Vanhoef claims that there is no protection in the “combined” state header, and that’s why by modifying this header part, an attacker can intercept the traffic.

Mixed key attack: This attack occurs in frame fragmentation, and it is related to the encryption key that is used to divide a large frame into smaller pieces to improve the reliability of the connection. 

This encryption key is used as a common encryption key when distributing one frame, but it’s passed from the device side, as on the Wi-Fi connection side there is no process of verifying the encryption key.

So, the fragment will be restored by using the encrypted key, and due to this, the data can be leaked by passing an encryption key that is different from the original encryption key.

Fragment cache attack: This vulnerability exists in the frame fragmentation, here in the memory of Wi-Fi devices the incomplete fragments are left undeleted, and this happen when a client disconnects from the network.

fragattacks

The attackers can place a malicious fragment in the memory of the access point by using this design. That’s why it’s possible to merge the fragment by force that’s sent by the recipient with the malicious fragment.

Demonstration

The below video demonstrates that how the attackers can exploit these flaws:-

Moreover, some of these vulnerabilities are caused by common programming errors, and it has been reinforced that every Wi-Fi product has multiple vulnerabilities.

Some of the discovered vulnerabilities allow hackers to inject code in plain text. Here the biggest risk is that all these flaws can be abused by attackers to attack IoT devices.

Attacking the IoT devices could be the convenient gateway for the threat actors, as IoT devices are rarely updated.

For now, the updates are already made available by many vendors or manufacturers to fix all these vulnerabilities. And under the supervision of the Wi-Fi Alliance and ICASI, all these updates have been prepared.

So, the security analysts have strongly recommended all the user to immediately update their devices with the latest security patches released by their respective manufacturers.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Website

Latest articles

Norway Recommends Replacing SSLVPN/WebVPN to Stop Cyber Attacks

A very important message from the Norwegian National Cyber Security Centre (NCSC) says that...

New Linux Backdoor Attacking Linux Users Via Installation Packages

Linux is widely used in numerous servers, cloud infrastructure, and Internet of Things devices,...

ViperSoftX Malware Uses Deep Learning Model To Execute Commands

ViperSoftX malware, known for stealing cryptocurrency information, now leverages Tesseract, an open-source OCR engine,...

Santander Data Breach: Hackers Accessed Company Database

Santander has confirmed that there was a major data breach that affected its workers...

U.S. Govt Announces Rewards up to $5 Million for North Korean IT Workers

The U.S. government has offered a prize of up to $5 million for information...

Russian APT Hackers Attacking Critical Infrastructure

Russia leverages a mix of state-backed Advanced Persistent Threat (APT) groups and financially motivated...

Millions Of IoT Devices Vulnerable To Attacks Leads To Full Takeover

Researchers discovered four significant vulnerabilities in the ThroughTek Kalay Platform, which powers 100 million...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles