All Wireless Routers sold since 1997 affected by recently discovered security flaws dubbed Frag Attacks

May 12, 2021 09:35 GMT

Mathy Vanhoef, a Belgian researcher, discovered several vulnerabilities in the Wi-Fi standard. Some of these flaws date back to 1997 and affect wireless routers used in the last 24 years.

Vanhoef is a computer security postdoctoral researcher at New York University Abu Dhabi, and he published on Tuesday a study named "Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation."

Frag Attacks allow an attacker within a device's Wi-Fi radio range to collect information about the owner and run malicious code on the device. Bad actors can use a computer, smartphone, or any other device that is able to connect to a wireless network to hack the Wi-Fi.

All Wi-Fi devices from WEP to WPA3 are affected 

Since the invention of wireless networking in 1997, a dozen vulnerabilities have been discovered that affect all Wi-Fi security protocols, from WEP to WPA3.

In his paper, Vanhoef explains that "one design flaw is in the frame aggregation functionality, and another two are in the frame fragmentation functionality." "These design flaws allow an adversary to forge encrypted frames in a variety of ways, allowing sensitive data to be exfiltrated."

Frame aggregation, which combines multiple network data frames, and frame fragmentation, which splits network data frames into smaller pieces, both have flaws that magnify the impact of potential attacks, according to him.

The 802.11 frame aggregation flaw occurs when an unauthenticated flag in a frame header is flipped, allowing the encrypted data payload to be parsed as multiple aggregated frames rather than a single network packet.

"We exploit this to inject arbitrary frames into a victim's traffic and then intercept it by forcing it to use a malicious DNS server," the paper explains. "We found that almost all of the devices we tested were vulnerable to this attack."
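To make the aggregation flaw concrete, the following added example (not code from the article or from Vanhoef's paper) shows how a receiver interprets the same decrypted payload differently depending on one header bit, together with a receiver-side check that drops a frame whose "first subframe" is really the start of an ordinary packet. It assumes the flag in question is the A-MSDU Present bit of the QoS Control field; the function names and sample bytes are constructed for illustration.

```python
import struct

RFC1042 = bytes.fromhex("aaaa03000000")  # LLC/SNAP header that opens an ordinary MSDU
AMSDU_PRESENT = 0x0080  # assumed flag: QoS Control bit 7, in the header, not the payload

def subframe(da: bytes, sa: bytes, data: bytes) -> bytes:
    """Build one A-MSDU subframe: DA(6) SA(6) Length(2) data, padded to 4 bytes."""
    raw = da + sa + struct.pack(">H", len(data)) + data
    return raw + b"\x00" * (-len(raw) % 4)

def parse_amsdu(payload: bytes):
    """Split a decrypted payload into (da, sa, data) subframes, with no sanity check."""
    out, off = [], 0
    while off + 14 <= len(payload):
        da, sa = payload[off:off + 6], payload[off + 6:off + 12]
        (length,) = struct.unpack_from(">H", payload, off + 12)
        data = payload[off + 14:off + 14 + length]
        if len(data) < length:
            break  # truncated subframe: stop parsing
        out.append((da, sa, data))
        off += (14 + length + 3) & ~3  # next subframe starts on a 4-byte boundary
    return out

def receive(qos_control: int, payload: bytes):
    """Return ("msdu", payload), ("amsdu", subframes) or ("drop", reason)."""
    if not qos_control & AMSDU_PRESENT:
        return ("msdu", payload)
    # A genuine A-MSDU begins with a destination MAC address. If it begins with
    # the LLC/SNAP header, the payload was sent as one MSDU and the flag changed.
    if payload[:6] == RFC1042:
        return ("drop", "first subframe DA equals LLC/SNAP header")
    return ("amsdu", parse_amsdu(payload))

# Constructed sample data (not captured traffic).
MAC_A, MAC_B = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
PLAIN = RFC1042 + bytes.fromhex("0800") + bytes(32)  # one ordinary MSDU, zero-filled body
GENUINE = (subframe(MAC_A, MAC_B, RFC1042 + b"\x08\x00hello")
           + subframe(MAC_A, MAC_B, RFC1042 + b"\x08\x00bye"))

if __name__ == "__main__":
    print(receive(0x0000, PLAIN)[0])                # flag clear: one packet
    print(parse_amsdu(PLAIN)[0][0].hex())           # unchecked parse: "DA" is LLC/SNAP
    print(receive(AMSDU_PRESENT, PLAIN))            # same bytes, flag set: dropped
    print(len(receive(AMSDU_PRESENT, GENUINE)[1]))  # real A-MSDU: two subframes
```

The unchecked `parse_amsdu` call on `PLAIN` returns subframes the sender never transmitted, which is why the check in `receive` runs before any subframe is handed up the stack.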

Various devices with different operating systems found vulnerable to Frag Attacks 

In total, 75 devices were tested, each with a different network card and operating system (Windows, Linux, Android, macOS, and iOS), and all of them were vulnerable to one or more of the attacks.

Because they do not support the reception of A-MSDUs, NetBSD and OpenBSD were unaffected.

Thanks to a nine-month coordinated responsible disclosure overseen by the Wi-Fi Alliance and the Industry Consortium for Advancement of Security on the Internet (ICASI), patches for many affected devices and software have already been deployed.

As for Linux, patches have been applied. The kernel mailing list note mentions that Intel addressed the flaws in a recent firmware update without mentioning it.

When disclosure was delayed, Microsoft released its patches on March 9, 2021, even though Redmond had already committed to publication.