A security researcher has just reported a new class of attacks that endangers the security of Wi-Fi devices.
Known as FragAttacks (fragmentation and aggregation attacks), the threat is a collection of new security flaws affecting Wi-Fi devices. Discovered by Mathy Vanhoef of New York University Abu Dhabi, the vulnerabilities can be exploited by an attacker within radio range of a victim to exfiltrate user data or to attack devices on the victim's network.
FragAttacks: Design Flaws and Programming Mistakes in Wi-Fi Products
According to Vanhoef, three of the vulnerabilities are design flaws in the Wi-Fi standard, affecting most devices, whereas other flaws are caused by “widespread programming mistakes in Wi-Fi products”.
There are indications that every Wi-Fi product is affected by at least one of the flaws, and that most devices are affected by several. Unfortunately, the FragAttacks vulnerabilities affect all modern Wi-Fi security protocols, including the latest WPA3 specification. “Even the original security protocol of Wi-Fi, called WEP, is affected,” Vanhoef noted, meaning that some of the design flaws date back to 1997, when Wi-Fi was released.
The good news is that the design flaws are rather challenging to exploit in practice, as doing so requires user interaction or uncommon network settings. That makes the programming mistakes in individual Wi-Fi products the bigger concern: several of them are trivial to exploit, the researcher said.
There’s an element of surprise stemming from this discovery, as Wi-Fi’s security has improved significantly:
The discovery of these vulnerabilities comes as a surprise, because the security of Wi-Fi has in fact significantly improved over the past years. For instance, previously we discovered the KRACK attacks, the defenses against KRACK were proven secure, and the latest WPA3 security specification has improved. Unfortunately, a feature that could have prevented one of the newly discovered design flaws was not adopted in practice, and the other two design flaws are present in a feature of Wi-Fi that was previously not widely studied.
Previous KRACK Vulnerabilities
The KRACK flaw allowed attackers to read Wi-Fi traffic protected by the WPA2 standard. The attack exploited the way clients handle the WPA2 four-way handshake, the sequence of requests and answers in which the access point and the client agree on the session key that encrypts their frames.
Discovered in 2017, KRACK (Key Reinstallation Attack) showed that when the third handshake message is retransmitted, a client reinstalls the session key it is already using and, as a side effect, resets the packet number (the nonce) used by the encryption. Two different frames then end up encrypted with the same keystream, which lets an attacker recover plaintext and, depending on the cipher, forge or replay frames.
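The following is an added illustration of why the key reinstallation described above is so damaging; it is not code from the article or from Vanhoef's research. WPA2's CCMP encrypts each frame with AES in counter mode, so the keystream depends only on the session key and the per-frame packet number. The script models a client whose packet number resets on reinstallation, and, for comparison, a patched client that refuses to reinstall a key already in use. HMAC-SHA256 in counter mode stands in for AES-CTR (an assumption made so the script runs with only the standard library); the algebra is the same for the real cipher.

```python
"""Model of KRACK-style key reinstallation against a CTR-mode stream cipher.

Added example, not from the article. HMAC-SHA256 in counter mode is used as a
stand-in keystream generator for AES-CTR (assumption: only the standard
library is available). Nonce reuse leaks plaintext in both.
"""
import hashlib
import hmac


def keystream(key: bytes, packet_number: int, length: int) -> bytes:
    """Derive `length` bytes of keystream from (key, packet_number) in counter mode."""
    out = bytearray()
    block = 0
    while len(out) < length:
        # 48-bit packet number (as in CCMP) followed by a 32-bit block counter
        msg = packet_number.to_bytes(6, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


class Client:
    """Minimal model of a station's per-session transmit state."""

    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.packet_number = 0

    def install_key(self, key: bytes) -> None:
        # The KRACK defence: never reinstall a key that is already in use.
        if self.patched and key == self.key:
            return
        # Vulnerable behaviour: reinstalling resets the packet number.
        self.key = key
        self.packet_number = 0

    def send(self, plaintext: bytes):
        """Encrypt one frame and return (packet_number, ciphertext)."""
        pn = self.packet_number
        self.packet_number += 1
        return pn, xor(plaintext, keystream(self.key, pn, len(plaintext)))


def krack_scenario(patched: bool, key: bytes, known: bytes, secret: bytes):
    """Handshake message 3 arrives, the client sends `known`, message 3 is
    retransmitted (attacker-replayed), and the client sends `secret`.

    Returns (nonce of frame 1, nonce of frame 2, what an attacker who knows
    `known` recovers of `secret` from the two ciphertexts).
    """
    client = Client(patched)
    client.install_key(key)            # original handshake message 3
    n1, c1 = client.send(known)
    client.install_key(key)            # replayed message 3 -> reinstallation
    n2, c2 = client.send(secret)
    # c1 XOR c2 == known XOR secret when both used the same keystream
    recovered = xor(xor(c1, c2), known)
    return n1, n2, recovered


if __name__ == "__main__":
    # Constructed sample frames of equal length (24 bytes each)
    KEY = hashlib.sha256(b"constructed session key").digest()[:16]
    KNOWN = b"DNS query: example.com\r\n"
    SECRET = b"password=hunter2;session"
    for patched in (False, True):
        n1, n2, rec = krack_scenario(patched, KEY, KNOWN, SECRET)
        print(f"patched={patched}: nonces {n1},{n2}; recovered={rec!r}")
```

In the vulnerable run both frames carry packet number 0 and the attacker recovers the second frame's plaintext exactly; in the patched run the second frame uses packet number 1 and the XOR trick yields noise. Real CCMP also makes the nonce reuse exploitable for replay, because the reset packet number defeats the replay counter as well.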
Then, in 2018, the Wi-Fi Alliance announced WPA3, the newest version of Wi-Fi Protected Access (WPA), the authentication and encryption framework for wireless connections. The announcement came in the months following the disclosure of the KRACK vulnerability in WPA2.
As for protecting users from FragAttacks, Vanhoef states that “security updates were prepared during a 9-month-long coordinated disclosure that was supervised by the Wi-Fi Alliance and ICASI.” If no update is available for your device, you can reduce the risk by making sure the websites you visit use HTTPS and that your device has received all other available updates.
The research on the FragAttacks vulnerabilities will be presented at the USENIX Security conference, and will be discussed further during the Black Hat USA this summer.
A demo of the vulnerabilities is also available.