Wi-Fi Devices Released Since 1997 Vulnerable to New Frag Attacks

Belgian security researcher Mathy Vanhoef has discovered a series of vulnerabilities in the Wi-Fi standard. Some have been present since 1997 and affect all devices released in the last 24 years.

The vulnerabilities, dubbed Frag Attacks, allow an attacker within range of a Wi-Fi device to collect information about the owner of the device and run malicious code in order to compromise a computer, smartphone, or any other smart device. Devices remain vulnerable even with WEP and WPA security standards enabled.

Three out of twelve vulnerabilities are design flaws and therefore affect most devices. The rest of the vulnerabilities exist due to common programming errors made during the implementation of the Wi-Fi standard. Each device has at least one Frag Attacks vulnerability, but most devices have several.

The researcher announced his discovery of the WiFi Alliance, and over the past nine months, the organization has been working on adjusting its standards and guidelines, and has also worked with electronics manufacturers to prepare patches for the firmware.

Frag Attacks:

CVE-2020-24588 : Aggregation attack (accepting non-SPP A-MSDU frames);

CVE-2020-24587 : key mixing attack (reassembling fragments encrypted under different keys);

CVE-2020-24586: Cache chunks attack (missing chunks from memory when (re) connecting to the network);

CVE-2020-26145: accepting translated text snippets as full frames (over encrypted network);

CVE-2020-26144 : Accept text A-MSDU frames starting with RFC1042 header with EtherType EAPOL (over encrypted network);

CVE-2020-26140: accepting text data frames over a secure network;

CVE-2020-26143: accepting fragmented data frames in text form on a secure network;

CVE-2020-26139: Addressing EAPOL frames even if the sender has not yet been authenticated (only affects AP);

CVE-2020-26146: Build encrypted chunks with inconsistent packet numbers;

CVE-2020-26147: Build mixed encrypted / text snippets;

CVE-2020-26142: Handle fragmented frames as full frames;

CVE-2020-26141: Lack of TKIP MIC validation for fragmented frames.

Exploiting vulnerabilities is not easy, Vanhof said. Some of them require user interaction, which means they cannot be used to carry out massive or worm-like attacks. However, they can be useful in targeted or spy operations. The video below shows the exploitation of vulnerabilities

The Wi-Fi Alliance or WECA (Wireless Ethernet Compatibility Alliance) is an alliance for interoperability of wireless Ethernet equipment. It is an association of the largest manufacturers of computer equipment and wireless Wi-Fi devices. The alliance is developing a family of Wi-Fi networking standards (IEEE 802.11 specifications) and methods for building local wireless networks.

Previous Post Next Post