In this article we will discuss what FragAttacks is and how to test whether your Wi-Fi router is vulnerable to it. FragAttacks is a collection of vulnerabilities, three of which date all the way back to the introduction of Wi-Fi in 1997. The flaws affect all modern Wi-Fi security protocols, ranging from WPA3 to WEP.
Mathy Vanhoef, a security researcher well-known for discovering vulnerabilities in Wi-Fi security, has discovered a new method of breaking into Wi-Fi devices dubbed FragAttacks (fragmentation and aggregation attacks).
The method works on all Wi-Fi devices dating all the way back to 1997, but thankfully, some patches have already been released. In a demonstration, he showed how FragAttacks lead to several concerning possibilities.
What is FragAttacks
To comprehend the vulnerabilities, it's necessary to understand how a Wi-Fi network operates. Networks avoid overloading by breaking data into packets for transmission; these fragments are later gathered and reassembled.
Frames, like data packets, are small components of a message transmitted over a network. Frames act as a handshake between devices and contain significantly more information about the message than packets do.
The flaws target those aspects of Wi-Fi networks in order to inject malicious frames into the network. When your network accepts the handshake message, it also accepts a second subframe connected to the initial "handshake message," which contains the malicious data.
As Vanhoef put it, "in a sense, one part of the code will interpret the frame as a handshake message and will accept it despite the fact that it is unencrypted. Rather than that, another section of the code will view it as an aggregated frame and process the packet that the adversary wishes to inject."
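The double interpretation described above can be seen by parsing one payload both ways; this is an added example, not code from the original article or from the FragAttacks test tool, and it ends with the receiver-side check that rejects the ambiguous case. The frame layouts (LLC/SNAP prefix, aggregated-subframe header) come from the 802.11 standard rather than from this page, the function names are hypothetical, and the byte strings are constructed samples.

```python
import struct

# LLC/SNAP (RFC 1042) prefix that opens a normal 802.11 data payload.
RFC1042_HEADER = bytes.fromhex("aaaa03000000")
ETHERTYPE_EAPOL = 0x888E  # EtherType of handshake (EAPOL) messages


def parse_as_msdu(payload):
    """Read the payload as one ordinary frame: LLC/SNAP prefix + EtherType."""
    if len(payload) < 8 or payload[:6] != RFC1042_HEADER:
        return None
    (ethertype,) = struct.unpack("!H", payload[6:8])
    return {"ethertype": ethertype, "is_handshake": ethertype == ETHERTYPE_EAPOL}


def parse_as_amsdu(payload):
    """Read the same bytes as an aggregated frame: repeated subframes of
    DA(6) SA(6) length(2) data, each but the last padded to 4 bytes."""
    subframes, off = [], 0
    while off + 14 <= len(payload):
        da, sa = payload[off:off + 6], payload[off + 6:off + 12]
        (length,) = struct.unpack("!H", payload[off + 12:off + 14])
        end = off + 14 + length
        if end > len(payload):
            break  # truncated subframe, stop parsing
        subframes.append({"da": da, "sa": sa, "data": payload[off + 14:end]})
        off = (end + 3) & ~3  # skip padding before the next subframe
    return subframes


def is_ambiguous_amsdu(payload):
    """Receiver-side check: an aggregated frame whose first destination address
    equals the LLC/SNAP prefix also parses as a normal frame, so drop it."""
    return payload[:6] == RFC1042_HEADER


def subframe(da, sa, data):
    """Build one subframe from hex addresses and data (sample construction only)."""
    return bytes.fromhex(da) + bytes.fromhex(sa) + struct.pack("!H", len(data)) + data


# Constructed samples: the first starts with bytes that double as a handshake header.
AMBIGUOUS = (subframe("aaaa03000000", "888e01030000", b"\x00\x00")
             + subframe("020000000001", "020000000002", b"DATA"))
BENIGN = subframe("020000000001", "020000000002", b"DATA")

if __name__ == "__main__":
    for name, p in (("ambiguous", AMBIGUOUS), ("benign", BENIGN)):
        print(name, parse_as_msdu(p), len(parse_as_amsdu(p)), is_ambiguous_amsdu(p))
```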
The attack is capable of exploiting any Wi-Fi device or network, including those that do not support fragmentation or aggregation.
The good news is that Vanhoef responsibly disclosed the vulnerabilities and provided a nine-month lead time. However, this leaves a large number of IoT devices, routers, and macOS systems vulnerable. Vanhoef even tricked a macOS device into connecting to a malicious DNS server, redirecting unsuspecting users to hacker-controlled websites. Additionally, by installing a malicious DNS server, the hacker can exfiltrate private data such as usernames, passwords, and possibly more.
Most vulnerabilities are hard to exploit.
The good news is that the majority of vulnerabilities are difficult to exploit in the wild, at least for the moment. However, Vanhoef asserts that the programming flaws that resulted in the vulnerability are easily exploited. You can mitigate the issue of data exfiltration by only visiting HTTPS-secured websites. Sites that are properly secured will prevent the bad actor from viewing your data while it is in transit.
Test & Remediation of the FragAttacks
For the time being, update your devices as soon as possible, particularly Windows 10 devices, as Microsoft has already released patches for Windows 10 that should address the issue, and a Linux fix is on the way. Whenever possible, use HTTPS, regardless of whether you're up to date. The newly launched FragAttacks website describing the vulnerabilities also recommends “disabling fragmentation, pairwise rekeying, and dynamic fragmentation in Wi-Fi 6 (802.11ax) devices.” Finally, an open-source tool on GitHub can assist in determining whether your routers are still vulnerable.