FragAttacks: New vulnerabilities discovered in the WiFi standard
Under the name "FragAttacks" (this stands for fragmentation and aggregation attacks), security researchers have published findings on numerous WLAN vulnerabilities that can affect WLAN routers and the devices connected to them such as smartphones, consoles and, in general, computers. According to the current situation, it can be assumed that some of the security gaps are due to the design of the WiFi standard and can therefore be exploited by all manufacturers. An attacker who is within radio range of a victim can abuse these vulnerabilities to steal user information or attack devices.
The problem here is that some things can certainly be fixed by large manufacturers, but millions of old devices are likely to be left out. The encryption technology used is irrelevant for attacks. Manufacturers informed in advance by the discoverers have been given the opportunity in recent months to check the situation and provide patches.
Microsoft 365 Single 12 + 3 months subscription | 1 user | Multiple PCs / Macs, tablets and mobile …
This Microsoft 365 Single subscription for 1 person offers 12 months + 3 months extra term (activation code via email)
For Windows 10, macOS, iOS and Android
Contains premium Office applications: Word, Excel, PowerPoint, OneNote and Outlook as well as up to 6 TB of OneDrive cloud storage (1 TB per person)
View on Amazon
The good for the bad: It is currently assumed that the gaps can only be exploited with direct local access. Under certain circumstances, the vulnerability of WLAN devices can be checked with an open source tool.
"Three of the vulnerabilities discovered are design errors in the WiFi standard and therefore affect most devices," says Mathy Vanhoef, the Belgian security researcher who found the Frag attacks. The rest are security vulnerabilities "caused by widespread programming errors in the implementation of the WiFi standard in WiFi products," Vanhoef continued.
He reported his findings to the WiFi Alliance. For the past nine months, these have worked to revise their standard and guidelines, and work with device manufacturers to release firmware patches. A FAQ is also available.
CVE-2020-24586 – Not clearing fragments from memory when (re) connecting to a network
CVE-2020-24587 – Reassembling fragments encrypted under different keys
CVE-2020-24588 – Accepting non-SPP A-MSDU frames
CVE-2020-26139 – Forwarding EAPOL frames even though the sender is not yet authenticated
CVE-2020-26140 – Accepting plaintext data frames in a protected network
CVE-2020-26141 – Not verifying the TKIP MIC of fragmented frames
CVE-2020-26142 – Processing fragmented frames as full frames
CVE-2020-26143 – Accepting fragmented plaintext data frames in a protected network
CVE-2020-26144 – Accepting plaintext A-MSDU frames that start with an RFC1042 header with EtherType EAPOL (in an encrypted network)
CVE-2020-26145 – Accepting plaintext broadcast fragments as full frames (in an encrypted network)
CVE-2020-26146 – Reassembling encrypted fragments with non-consecutive packet numbers
CVE-2020-26147 – Reassembling mixed encrypted / plaintext fragments
And what does AVM say about it, as a very popular manufacturer of WLAN routers and repeaters in Germany?
Unauthorized use of FragAttacks is not known and could only take place in the immediate vicinity of the WLAN. The security of services such as mail or apps that use TLS encryption or of Internet connections via HTTPS sites is not affected by the vulnerability. According to the current state of knowledge, practical effects of FragAttacks are unlikely.
AVM started distributing security updates against FragAttacks last week. An update is available for the widespread FRITZ! Box 7590; there are public beta versions for other products. Further updates for current products will follow soon, according to the Berlin company. So it seems to be about FRITZ! OS 7.27, since the box in question is currently being supplied.
AVM FRITZ! WLAN Mesh Repeater 2400 (Dual-WLAN AC + N up to 1,733 Mbit / s (5GHz) + 600 Mbit / s (2.4 …
View on Amazon
AVM FRITZ! WLAN Mesh Repeater 1200 (two radio units: 5 GHz (up to 866 Mbit / s), 2.4 GHz (up to …
View on Amazon
AVM FRITZ! WLAN Mesh Repeater 3000 (three radio units: 5 GHz (up to 1,733 Mbit / s), 5 GHz (up to …
View on Amazon
Amazon links are included in this article. Clicking on it will take you directly to the provider. Should you decide to buy there, we will receive a small commission. Nothing changes in the price for you.