In the Wi-Fi specification, one of the flaws tracked as CVE-2020-24588 can be exploited to force Wi-Fi devices to use a rogue DNS server. This redirects users to malicious websites. This allows hackers can read and modify unencrypted traffic. Rogue DNS servers are also vulnerable to DNS rebinding attacks. In the rebinding attacks, malicious code creates device-to-device attacks where they are connected to the same network.
Four of the 12 known vulnerabilities that make up FragAttacks are implementation flaws. This means they are created by bugs that software developers introduce when writing Wi-Fi-based specification code. In an attack, the hacker uses the bug to bypass security.
Vanhoef reveals how to exploit the four vulnerabilities to allow an attacker to, “punch a hole through a router’s firewall.” With the ability to connect directly to devices behind a firewall, Internet attackers can then send them malicious code or commands.
A lot of Wi-Fi flaws are now under review. And even with Vanhoefs report, no one is certain which devices are vulnerable. And which vulnerabilities have received security updates. It’s very possible that many Wi-Fi-enabled devices will never be fixed.
Who is at-risk and how to fix
On May 11th the Industry Consortium for Advancement of Security on the Internet (ICASI) issued a statement on Aggregation and Fragmentation Attacks against Wi-Fi. A comprehensive list of Vanhoef’s FragAttack advisories is available on Github.
