Wi-Fi vulnerability can leave millions of devices exposed to ‘fragmentation attacks’

A security researcher known for report faults in WiFi security discovered another vulnerability. The recently discovered flaws, known as “fragmentation attacks”, are believed to be widespread because they originate from the WiFi standard, with a few bugs dating back to 1997. Although several additional vulnerabilities are caused by programming errors in WiFi products and affect all WiFi devices, Belgian security researcher Mathy Vanhoef wrote on his Blog.

Theoretically, if exploited, vulnerabilities would allow an attacker within radio range to steal user information or attack devices. But, the chances of loophole abuse should be low as the attacks require unusual user interaction or network settings.

Describing how they work, Vanhoef explained that several of the flaws can be abused to “easily inject” plain text frames into a protected Wi-Fi network, “as well as some devices accepting” aggregate plain text frames that look like to handshake messages “. be used to intercept traffic by tricking the victim into using a malicious DNS server, the researcher noted. In experiments, Vanhoef found that two out of four home routers tested were affected by this vulnerability, as well as several IoT devices and some smartphones.

Other vulnerabilities relate to the process by which the WiFi standard breaks and then reassembles network packets, allowing an attacker to siphon data by injecting their own malicious code during this operation. Vanhoef has uploaded a demo of the vulnerabilities, including a step-by-step explanation of frag attacks, which you can watch below.

As with his previous findings – including the ‘Krack Attack’ of 2017 – Vanhoef shared his findings with the Wi-Fi Alliance. Over the past nine months, the organization has worked with device vendors on updates that fix the flaws.

As a result, some fixes have already been released or are in development. Microsoft fixed three of the 12 bugs that affect Windows systems in hotfixes released March 9, according to the Cyber ​​Security News site The record. A Linux kernel patch is also making its way into the release system, reports ZDNet.

According to the Industry Consortium for the Advancement of Internet Security (ICASI), groups like Cisco, Juniper Networks, Sierra Wireless, and HPE / Aruba Networks have also started developing patches to mitigate the vulnerabilities. You can verify if your device has received fixes for any of the 12 frag attacks by checking its firmware change logs and checking for updates related to the CVE credentials listed on the ICASI website. If you are still unsure, Vanhoef recommends accessing the sites over secure HTTPS connections.

“There is no evidence that the vulnerabilities are used against Wi-Fi users in malicious ways, and these issues are mitigated by routine device updates that detect suspicious transmissions or improve performance. adherence to recommended security implementation practices, ”said the Wi-Fi Alliance.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through any of these links, we may earn an affiliate commission.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *