A set of vulnerabilities in the way Wi-Fi is designed and used in practice exposes virtually all Wi-Fi-enabled devices to some form of attack. A handful of these flaws have existed since the original Wi-Fi standard was launched in 1997.
The findings, publicly disclosed this week by Mathy Vanhoef, a researcher at New York University in Abu Dhabi, show that an attacker within Wi-Fi range of a target network could potentially exfiltrate a victim’s data and compromise their devices. But while the scale and scope of the exposure are staggering, many of the attacks would be difficult to carry out in practice, and not all Wi-Fi devices are affected by all of the vulnerabilities.
Vanhoef collectively refers to the findings as “Frag Attacks,” short for “Fragmentation and Aggregation Attacks,” as the flaws are largely related to subtle issues in the way Wi-Fi chops up and reorders data in transit to move the information as quickly as possible, then puts the data back together on the other end.
“The fragmentation feature is normally used to improve the performance of your Wi-Fi network if there is a lot of background noise,” Vanhoef explains. The goal is to split the data into more manageable fragments for transmission that can be reassembled efficiently when received. But Vanhoef discovered security weaknesses in the process. “You can get a receiver to reassemble two fragments from different packets or even store malicious data and combine it with legitimate information,” he says. “Under the right conditions, this can be used to exfiltrate data.”
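The reassembly weakness Vanhoef describes above, modeled as a simplified receiver (an added example, not code from Vanhoef's research or from any vendor's patch). The `Fragment` fields, the `Reassembler` class and the sample values are assumptions made for illustration; the strict mode accepts a follow-up fragment only if it was protected by the same key with a consecutive packet number, and discards half-built frames when the session changes.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Fragment:
    sender: str    # transmitter address
    seq: int       # sequence number shared by all fragments of one frame
    frag_no: int   # fragment index, starting at 0
    more: bool     # True while further fragments follow
    key_id: int    # session key that decrypted this fragment (assumed field)
    pn: int        # per-key packet number (assumed field)
    payload: bytes

class Reassembler:
    def __init__(self, strict):
        self.strict = strict
        self.cache = {}  # (sender, seq) -> fragments received so far

    def on_reconnect(self):
        # Strict receivers discard half-built frames when the session changes.
        if self.strict:
            self.cache.clear()

    def receive(self, f):
        """Return the full payload once the last fragment arrives, else None."""
        slot = (f.sender, f.seq)
        if f.frag_no == 0:
            self.cache[slot] = [f]
        else:
            parts = self.cache.get(slot)
            if not parts or parts[-1].frag_no + 1 != f.frag_no:
                self.cache.pop(slot, None)
                return None
            prev = parts[-1]
            # Strict: same key and consecutive packet numbers, i.e. one packet.
            if self.strict and (f.key_id != prev.key_id or f.pn != prev.pn + 1):
                self.cache.pop(slot, None)
                return None
            parts.append(f)
        return None if f.more else b"".join(p.payload for p in self.cache.pop(slot))

def run(strict, reconnect_between=False, second_key=1, second_pn=11):
    # Constructed sample: two fragments that share a sender and sequence number.
    r = Reassembler(strict)
    r.receive(Fragment("sta-1", 7, 0, True, 1, 10, b"HEAD"))
    if reconnect_between:
        r.on_reconnect()
    return r.receive(Fragment("sta-1", 7, 1, False, second_key, second_pn, b"TAIL"))
```

Calling `run(False, second_key=2, second_pn=1)` shows the permissive receiver joining fragments from two different packets, while `run(True, ...)` with the same input returns `None`.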
Vanhoef also discovered a vulnerability that could allow an attacker to inject malformed data and become a “man in the middle” on a network, studying the data in transit to steal information or even take control of other connected devices that have additional vulnerabilities. The attacker would not need special privileges to carry out the attack.
“These design flaws are cause for concern. Because they’re so prevalent, every Wi-Fi device I tested was vulnerable to something,” Vanhoef says. “But on the other hand, they are difficult to exploit. I sometimes like to say ‘patch before attacks get better.’”
Vanhoef spent nine months working on coordinated disclosure with numerous internet security organizations and industry companies. Microsoft, Samsung, Cisco, Intel, Linksys, Netgear, Eero, and many more have already released fixes. There is a complete list of security advisories, and Vanhoef says more fixes will be released in the coming weeks.
Standards bodies and web security groups, including the Wi-Fi Alliance and the Industry Consortium for the Advancement of Internet Security, published notices this week urging all Wi-Fi users and network administrators to update their devices if and when fixes are available.
Virtually all Wi-Fi devices require patches or mitigations of some sort, especially routers and other network equipment, which can be targeted to facilitate attacks. But these are exactly the types of devices, both consumer and business, that often do not receive updates, or cannot because of backward-compatibility issues.
“These findings really go to the heart of how Wi-Fi works,” says Jim Palmer, a longtime independent Wi-Fi researcher, who analyzed the Frag Attack disclosure. “Some of these discoveries are really weird, but the attacks are also very complicated to do, it’s not a breathtaking thing. And the victims must be within Wi-Fi range, much like an explosion ray.”
Palmer says that for Wi-Fi specialists, Frag Attack will join a long mental list of vulnerabilities and flaws that require special attention in real-world deployments. In recent years, Vanhoef has also uncovered two of the other major Wi-Fi exposures that reach this level: the Wi-Fi encryption attacks known as KRACK and Dragonblood. As with those findings, Palmer expects Frag Attack exposures to be present and hiding in devices for decades.