Wi-Fi technology depends on the ability to break large pieces of data into smaller ones. Depending on the network requirements, data is constantly shifted between larger and smaller packets. Researcher Mathy Vanhoef published a study last week explaining what he calls FragAttacks. A hacker within radio range can exploit a dozen vulnerabilities with the potential to affect huge numbers of Wi-Fi-enabled devices.
Vanhoef documents how hackers can redirect users to malicious websites. They may also exploit or tamper with network-connected devices. In FragAttacks, short for fragmentation and aggregation attacks, hackers inject malicious commands into encrypted Wi-Fi traffic. WPA-based encryption protection has serious vulnerabilities.
Trusted networks open to FragAttacks
With these types of hacks, data in the form of malicious code can be injected into the Wi-Fi traffic, but nothing can be exfiltrated. In other words, FragAttacks don’t let the hacker read users’ passwords or other private data.
Vanhoef’s previous research outlined a Wi-Fi attack known as Krack. Krack differs from a FragAttack because it does allow the hacker access to sensitive and hidden info. But FragAttack hackers can inflict a lot of damage, especially when combined with other types of hacking.
The vulnerabilities Vanhoef now outlines have been around since 1997, when Wi-Fi first started to be used. They can be exploited to inflict other kinds of damage, particularly if paired with other types of hacks.
“It’s never good to have someone able to drop packets into your network or target your devices on the network,” Mike Kershaw, a Wi-Fi security expert and developer of the open-source Kismet wireless sniffer and IDS, reports.
“In some regards, these are no worse than using an unencrypted access point at a coffee shop—someone can do the same to you there, trivially—but because they can happen on networks you’d otherwise think are secure and might have configured as a trusted network, it’s certainly bad news.”
One of the flaws in the Wi-Fi specification, tracked as CVE-2020-24588, can be exploited to force Wi-Fi devices to use a rogue DNS server. This redirects users to malicious websites and allows hackers to read and modify unencrypted traffic. Rogue DNS servers are also vulnerable to DNS rebinding attacks. In a rebinding attack, malicious code attacks other devices that are connected to the same network.
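A defensive check for the two DNS behaviours described above, as an added example (not code from Vanhoef's research or the original article): it audits a constructed DNS answer log for replies from a resolver outside an allowlist and for public names that resolve to internal IPv4 addresses, the pattern a rebinding attack produces. The log format, the resolver allowlist and the internal suffixes are assumptions.

```python
import ipaddress

# Assumption: resolvers this network is supposed to use (constructed values).
TRUSTED_RESOLVERS = {"192.168.1.1", "9.9.9.9"}
# Assumption: name suffixes that legitimately resolve to internal addresses.
INTERNAL_SUFFIXES = (".lan", ".home.arpa")
# RFC 1918, loopback and link-local IPv4 ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample log, one DNS answer per line: client resolver name answer
SAMPLE_LOG = """\
192.168.1.20 192.168.1.1 example.org 93.184.216.34
192.168.1.20 203.0.113.53 bank.example 93.184.216.35
192.168.1.21 192.168.1.1 evil.example 192.168.1.50
192.168.1.21 192.168.1.1 printer.lan 192.168.1.50
192.168.1.22 192.168.1.1 evil.example 127.0.0.1
"""

def is_internal(addr):
    """True if addr falls in one of the internal IPv4 ranges above."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def audit(log):
    """Return (line number, finding, client, name) for each suspicious answer."""
    findings = []
    for lineno, line in enumerate(log.splitlines(), 1):
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        client, resolver, name, answer = fields
        # Rogue DNS: the client got its answer from an unexpected resolver.
        if resolver not in TRUSTED_RESOLVERS:
            findings.append((lineno, "untrusted-resolver", client, name))
        try:
            internal = is_internal(answer)
        except ValueError:
            continue  # answer is not an IP address
        # Rebinding pattern: a public name pointing at an internal address.
        public_name = not name.lower().rstrip(".").endswith(INTERNAL_SUFFIXES)
        if internal and public_name:
            findings.append((lineno, "possible-rebinding", client, name))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```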
Four of the 12 known vulnerabilities that make up FragAttacks are implementation flaws. This means they are created by bugs that software developers introduce when writing code that implements the Wi-Fi specification. In an attack, the hacker uses the bug to bypass security.
Vanhoef reveals how to exploit the four vulnerabilities to allow an attacker to “punch a hole through a router’s firewall.” With the ability to connect directly to devices behind a firewall, Internet attackers can then send them malicious code or commands.
A lot of Wi-Fi flaws are now under review. Even with Vanhoef’s report, no one is certain which devices are vulnerable or which vulnerabilities have received security updates. It’s very possible that many Wi-Fi-enabled devices will never be fixed.
Who is at risk and how to fix it
On May 11th the Industry Consortium for Advancement of Security on the Internet (ICASI) issued a statement on Aggregation and Fragmentation Attacks against Wi-Fi. A comprehensive list of Vanhoef’s FragAttack advisories is available on GitHub.
Keep in mind that FragAttacks aren’t likely to be launched against most Wi-Fi users. These attacks require high-end hacker skills. They also need proximity. An attacker must be within 100 feet to a half-mile of the target, depending on the equipment the hacker is using.
There is a higher threat to networks used by retail chains, corporate networks, or governmental agencies where security is key. When updates are available, install them, but individuals are more at risk from drive-by downloads than FragAttacks.