From The Team That Brought You KRACKs
It was just revealed by the FragAttacks project that there are a dozen vulnerabilities affecting all Wi-Fi security protocols since the first one was released in 1997; from WEP through WPA3, all suffered from design flaws that have only recently been addressed. After extensive testing the team determined that essentially every piece of Wi-Fi hardware on the planet is vulnerable to at least one of these attacks. Thankfully they are rather hard to take advantage of, more so now that they can be patched.
Over a nine-month timeframe, the FragAttacks team worked with the Wi-Fi Alliance and ICASI to develop mitigations against both the fragmentation and the aggregation attacks. This resulted in Intel releasing a firmware update for their wireless products, a new addition to the Linux kernel to protect against these attacks, and Microsoft quietly patching it back in early March. Even so, it is worth checking to see if there are updates for any and all wireless hardware in your home, up to and including your phone. ISPs may be the weak link in this chain, as they do not tend to push updates to the equipment they provide to residential users on any set schedule.
In brief, the aggregation attack makes use of the process by which Wi-Fi frames are aggregated into a larger frame, with an “is aggregated” flag added to the frame to inform the receiver that this has occurred. Unfortunately, while the frames themselves can be authenticated and encrypted, the aggregated flag is not, and that means unexpected frames could be injected and accepted by the receiver.
The second attack works in reverse, with very large frames being fragmented into smaller frames that are all encrypted under the same key for reassembly upon arrival. Unfortunately, receivers are not required to verify that all fragments were encrypted under the same key, and so it is possible for fragments encrypted under different keys to be reassembled into one frame. In theory that could allow an attacker to take a peek into the entirety of an intercepted packet, though as of yet no examples have been found of attackers making use of this flaw.
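To make the two receiver-side checks concrete, here is a toy model of both mitigations described above. It is an added example, not code from the FragAttacks project or from any Wi-Fi driver, and it deliberately stands in for 802.11 primitives with simple Python: an HMAC tag plays the role of the CCMP/GCMP integrity check, `KEYS` is a constructed two-entry key table, and the `Frame` fields (`is_aggregated`, `frag_num`, `more_frags`, `key_id`) are assumed names for the corresponding header bits. The first check models authenticating the aggregation flag by folding it into the authenticated header data; the second models a receiver that refuses to reassemble fragments decrypted under different keys.

```python
"""Toy model of two Wi-Fi receiver checks motivated by FragAttacks.

Constructed example: HMAC stands in for the frame MIC, and the
header fields are simplified. Not real 802.11 code.
"""
import hashlib
import hmac
from dataclasses import dataclass

# Constructed key table: key_id -> pairwise key (not real keys).
KEYS = {0: b"pairwise-key-0", 1: b"pairwise-key-1"}


def _tag(key: bytes, aad: bytes, body: bytes) -> bytes:
    # Stand-in for the CCMP/GCMP MIC: covers the authenticated header
    # fields (aad) and the frame body.
    return hmac.new(key, aad + body, hashlib.sha256).digest()[:8]


def _aad(is_aggregated: bool, frag_num: int, more_frags: bool, flag_in_aad: bool) -> bytes:
    # Authenticated header fields. With flag_in_aad=False the aggregation
    # flag is left out, which is the historical weakness; with True it is
    # covered by the tag, so altering it in transit is detected.
    fields = [frag_num.to_bytes(1, "big"), bytes([more_frags])]
    if flag_in_aad:
        fields.append(bytes([is_aggregated]))
    return b"".join(fields)


@dataclass
class Frame:
    key_id: int
    is_aggregated: bool  # the "is aggregated" (A-MSDU present) flag
    frag_num: int
    more_frags: bool
    body: bytes
    tag: bytes


def protect(key_id: int, is_aggregated: bool, frag_num: int, more_frags: bool,
            body: bytes, *, flag_in_aad: bool) -> Frame:
    """Sender side: build a frame and compute its integrity tag."""
    aad = _aad(is_aggregated, frag_num, more_frags, flag_in_aad)
    return Frame(key_id, is_aggregated, frag_num, more_frags, body,
                 _tag(KEYS[key_id], aad, body))


def verify(frame: Frame, *, flag_in_aad: bool) -> bool:
    """Receiver side: recompute the tag over the header fields we authenticate."""
    aad = _aad(frame.is_aggregated, frame.frag_num, frame.more_frags, flag_in_aad)
    return hmac.compare_digest(frame.tag, _tag(KEYS[frame.key_id], aad, frame.body))


def reassemble(fragments: list, *, flag_in_aad: bool, require_same_key: bool = True):
    """Receiver side: return the reassembled body, or None if the set is rejected.

    require_same_key=True is the mitigation: every fragment must have been
    decrypted under the same key as the first one.
    """
    if not fragments:
        return None
    first_key = fragments[0].key_id
    out = bytearray()
    for expected, frag in enumerate(fragments):
        if not verify(frag, flag_in_aad=flag_in_aad):
            return None  # integrity failure
        if frag.frag_num != expected:
            return None  # out-of-order or missing fragment
        if require_same_key and frag.key_id != first_key:
            return None  # mixed-key fragments rejected
        out += frag.body
    if fragments[-1].more_frags:
        return None  # last fragment still promises more
    return bytes(out)


def flag_tamper_detected(flag_in_aad: bool) -> bool:
    """Does the receiver notice a changed aggregation flag on a valid frame?"""
    f = protect(0, False, 0, False, b"payload", flag_in_aad=flag_in_aad)
    f.is_aggregated = True  # simulate the flag being altered in transit
    return not verify(f, flag_in_aad=flag_in_aad)


def mixed_key_accepted(require_same_key: bool) -> bool:
    """Does the receiver accept two fragments protected under different keys?"""
    frags = [protect(0, False, 0, True, b"AAAA", flag_in_aad=True),
             protect(1, False, 1, False, b"BBBB", flag_in_aad=True)]
    return reassemble(frags, flag_in_aad=True,
                      require_same_key=require_same_key) is not None


def honest_reassembly() -> bytes:
    """Two fragments under one key reassemble normally under the strict policy."""
    frags = [protect(0, False, 0, True, b"AAAA", flag_in_aad=True),
             protect(0, False, 1, False, b"BBBB", flag_in_aad=True)]
    return reassemble(frags, flag_in_aad=True)


if __name__ == "__main__":
    print("flag change detected, flag outside AAD:", flag_tamper_detected(False))
    print("flag change detected, flag inside AAD: ", flag_tamper_detected(True))
    print("mixed-key fragments accepted, no check: ", mixed_key_accepted(False))
    print("mixed-key fragments accepted, with check:", mixed_key_accepted(True))
    print("same-key reassembly:", honest_reassembly())
```

Running it shows the two policies side by side: with the flag outside the authenticated data, a changed flag still verifies, and with it inside, verification fails; with no same-key rule, the mixed-key fragment pair reassembles, and with the rule it is dropped while an ordinary same-key pair still reassembles to `AAAABBBB`.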
You can head to the site for a much more thorough description of the flaws and mitigation thereof.
Patches for many affected devices and software have already been deployed, thanks to a nine-month-long coordinated responsible disclosure overseen by the Wi-Fi Alliance and the Industry Consortium for Advancement of Security on the Internet (ICASI). Linux patches have been applied, and the kernel mailing list note mentions that Intel had already addressed the flaws in a recent firmware update without saying so at the time.