A new type of Wi-Fi attack affects virtually every Wi-Fi product on the planet, from the original WEP specification from 1997 to the WPA3 protocol today. This set of vulnerabilities, known as FragAttacks (fragmentation and aggregation attacks), stems from design flaws in the Wi-Fi standard and programming mistakes in Wi-Fi products. As a result, virtually every Wi-Fi device is affected by at least one, if not several, FragAttack vulnerabilities. The individual FragAttacks range from harmless to severe, and the severe ones include the ability to exfiltrate data from seemingly secure networks.
FragAttacks exploit design flaws in the Wi-Fi standard that allow attackers to inject plaintext “frames” into otherwise protected Wi-Fi networks. These can essentially “fool” the network, allowing an attacker to intercept traffic (for instance by tricking the client into connecting to a malicious server) or bypass security firewalls (by sending a false “handshake” that authenticates their device). Because these attacks stem from flaws in the Wi-Fi standard itself, any device connected to a network is potentially impacted.
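On the air, the plaintext injection described above shows up as data frames or fragments without the Protected bit on a network that encrypts its traffic. The following is an added detection example, not code from this article, LOCH or the FragAttacks project. It assumes raw 802.11 frames with no radiotap header or FCS and a known set of encrypted BSSIDs; the function names and sample frames are constructed for illustration.

```python
import struct

EAPOL_SNAP = bytes.fromhex("aaaa03000000888e")  # LLC/SNAP + EtherType 0x888E (EAPOL)

def parse_data_frame(frame: bytes):
    """Parse a raw 802.11 header; None unless it is a data frame that carries a body."""
    if len(frame) < 24:
        return None
    fc0, fc1 = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    to_ds, from_ds = bool(fc1 & 0x01), bool(fc1 & 0x02)
    # Skip non-data frames, null subtypes (no body) and 4-address frames (no BSSID field).
    if ftype != 2 or subtype & 0x4 or (to_ds and from_ds):
        return None
    qos = bool(subtype & 0x8)
    hdr_len = 24 + (2 if qos else 0) + (4 if qos and fc1 & 0x80 else 0)  # QoS ctl, HT ctl
    bssid = frame[4:10] if to_ds else frame[10:16] if from_ds else frame[16:22]
    seq_ctl = struct.unpack_from("<H", frame, 22)[0]
    return {
        "bssid": bssid.hex(":"),
        "sender": frame[10:16].hex(":"),
        "protected": bool(fc1 & 0x40),   # Protected Frame bit
        "more_frag": bool(fc1 & 0x04),   # More Fragments bit
        "frag_no": seq_ctl & 0x0F,       # low 4 bits of Sequence Control
        "body": frame[hdr_len:],
    }

def classify(frame: bytes, protected_bssids: set):
    """Return an alert label for a plaintext data frame on an encrypted BSSID, else None."""
    f = parse_data_frame(frame)
    if f is None or f["protected"] or f["bssid"] not in protected_bssids:
        return None
    if f["more_frag"] or f["frag_no"]:
        return "plaintext-fragment"
    if f["body"].startswith(EAPOL_SNAP):
        return None  # unfragmented EAPOL handshake frames are legitimately unencrypted
    return "plaintext-data"

def build(fc0, fc1, frag_no, body, bssid="02:00:00:00:00:01", sta="02:00:00:00:00:aa"):
    """Constructed sample frame, station to AP (set the ToDS bit in fc1)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    qos = b"\x00\x00" if fc0 >> 4 & 0x8 else b""
    hdr = bytes([fc0, fc1, 0, 0]) + mac(bssid) + mac(sta) + mac(bssid)
    return hdr + struct.pack("<H", 5 << 4 | frag_no) + qos + body

if __name__ == "__main__":
    sample = build(0x08, 0x05, 0, b"constructed")  # plaintext first fragment
    print(classify(sample, {"02:00:00:00:00:01"}), parse_data_frame(sample)["sender"])
```

A hit is a lead for investigation rather than proof of an attack: it identifies the sender address and BSSID to check against the device inventory.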
Given the pace of wireless digital connectivity in most organizations, these attacks will give cause for some concern. While many devices in enterprise environments enjoy well-layered security (and hence some level of protection from a FragAttack), it is often unsecured devices, like IoT sensors, that pose the largest threat. For instance, it has been demonstrated that an attacker can use a FragAttack to exploit an unsecured IoT device by turning on and off a power socket remotely. Any device that has been compromised can then potentially lead to data exfiltration within the organizational network.
With 80% of IoT deployments being wireless and a large subset using traditional Wi-Fi, the FragAttacks disclosure identifies new risks with using wireless devices and increases the requirement to observe, identify and track them. At a minimum, organizations must have a live inventory of all devices operating in their environment to be able to effectively quantify the risk to the organization.
LOCH is reviewing its capabilities to identify vulnerable devices and detect attempted attacks with the AirShield product. Organizations should review their infrastructure and immediately plan upgrades to critical core systems, beginning with Wi-Fi Access Points. Doing so would eliminate the threat from many of the discovered weaknesses.
In general, the number of connected wireless devices in organizations is increasing rapidly — particularly with technologies like 5G and multi-access edge computing (MEC) now gaining widespread traction. Moreover, given that exploitable vulnerabilities like FragAttacks are now appearing in Wi-Fi, it is conceivable that they could extend to other wireless protocols and connected devices over time. As such, it is more critical than ever that organizations take stock of their wireless networks and devices, so they can proactively protect their data and assets.
Specific details of each weakness can be found at the disclosure site and tracked with the following CVEs.
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
A collection of vendor responses can be found at:
https://github.com/vanhoefm/fragattacks/blob/master/ADVISORIES.md
https://www.wi-fi.org/security-update-fragmentation
https://www.icasi.org/aggregation-fragmentation-attacks-against-wifi/
If you’d like to gain an understanding of every wireless device operating in your environment and assess your level of risk for FragAttacks, sign up for a Free IoT Broad Spectrum Wireless Assessment today.