A Belgian security researcher, has just discovered a series of flaws in the Impressive Wi-Fi standard, some of which even date back to 1997, meaning devices sold over the past 24 years are affected. It is reported that such "frag attacks" (Frag Attacks) allow attackers within the coverage of Wi-Fi signals to collect user information and run malicious code to damage devices (such as networked computers, mobile phones or other smart devices).
The bad thing is that since the flaw is in the Wi-Fi standard itself, even with standard security protocols like WEP or WPA activated, the device is still vulnerable.
Mathy Vanhoef, a Belgian academic and security researcher who discovered Frag Attacks, said: "Three vulnerabilities stem from design flaws in the Wi-Fi standard that affect most devices, and the rest are widespread in the implementation of the W-Fi product standard. caused by a programming error".
experiments show that every Wi-Fi product is affected by at least one vulnerability, and most products are affected by multiple vulnerabilities. As for more details, Mathy Vanhoef intends to discuss in depth at the USENIX Security Conference in late August of this year.
FragAttacks Presentation at USENIX Security 21 (via)
Previously, this researcher disclosed KRACK and Dragonblood attacks, making substantial contributions to security improvements to the Wi-Fi standard. However, the Frag Attacks recently disclosed by
are facing an even more embarrassing situation. Because the newly discovered vulnerability is in an earlier part of the Wi-Fi protocol and has been continuously deployed in the real world for 20 years, industry inertia makes it difficult to retroactively patch measures .
Mathy Vanhoef said: "The discovery of these vulnerabilities is surprising because Wi-Fi security has actually improved dramatically over the past few years."
As with the two previously disclosed vulnerabilities, Mathy Vanhoef has promptly reported his findings (PDF) to the Wi-Fi Alliance. Over the past nine months, the group has been working to correct its standards and guidelines, working with device manufacturers to release firmware upgrades and patches.
For those who are concerned, you can check whether the firmware change log of your device contains the following CVE identifier to confirm whether it is affected by one or more of the 12 fragmentation attacks. is first and foremost three flaws in the design of the Wi-Fi standard:
● CVE-2020-24588: Aggregation Attack - Accepting non-SPP A-MSDU frames.
● CVE-2020-24587: Hybrid key attack -- Reassemble fragments encrypted with different keys.
● CVE-2020-24586: Fragment Cache Attack -- Fragments are not cleared from memory when (re)connected to the network .
FragAttacks Demonstration of Flaws in WPA23 (via)
followed by four flaws in the implementation of the Wi-Fi standard:
CVE-2020-26145: (in encrypted networks) accept plain text broadcast fragments as full frames.
● CVE-2020-26144: Accept (in encrypted networks) plain text A-MSDU frames with EtherType EAPOL / RFC1042 as header.
● CVE-2020-26140: (in protected networks) accepts plain text dataframe .
● CVE-2020-26143: (In protected networks) Accept fragmented plaintext dataframes.
Finally five other Wi-Fi standard implementation flaws:
● CVE-2020-26139: EAPOL frames are forwarded (or only affect AP deployment) even if the sender has not authenticated with .
● CVE-2020-26146: Reassemble encrypted fragments with non-consecutive packet numbers.
● CVE-2020-26147: Reassemble hybrid encrypted/plain text fragments.
● CVE-2020-26142: Handle fragmented frames as full frames.
● CVE-2020-26141: TKIP MIC for fragmented frames is not validated.
If you don't know whether your device network has been patched, you can also refer to Mathy Vanhoef's list of mitigations to protect users from fragmentation attacks. The easiest defense, though, is to enable the website's secure Hypertext Transfer Protocol (or HTTPs) whenever possible.
Finally, Microsoft has reported Frag Attacks in Patch Tuesday, May 2021, and the software giant has fixed 3 of the 12 related vulnerabilities affecting on the Windows operating system.
