Approximately All Wireless Devices Are Vulnerable to New FragAttacks!

Numerous implementation flaws and three design flaws have been revealed in the IEEE 802.11 technical standard that underpins Wi-Fi devices, potentially enabling an adversary to take unauthorized control of a system and steal sensitive data.

Dubbed FragAttacks (short for FRagmentation and AGgregation Attacks), the vulnerabilities affect every Wi-Fi security protocol, from Wired Equivalent Privacy (WEP) to Wi-Fi Protected Access 3 (WPA3), thus putting virtually every Wi-Fi device at risk of attack.

Mathy Vanhoef, a security academic at New York University Abu Dhabi, said that “An experiment shows us that every wireless product is affected by at least one vulnerability, and almost all products are affected by some vulnerabilities.”

“An opponent that is within radio range of a victim can directly exploit these vulnerabilities to plunder user information or attack devices.”

IEEE 802.11 provides the basis for all modern devices that use the Wi-Fi family of network protocols, such as laptops, tablets, printers, smartphones, and smart speakers, to access the internet over a Wi-Fi network.

WPA3 is the third-generation security protocol at the heart of every Wi-Fi device, with several improvements such as robust authentication and increased cryptographic strength to safeguard Wi-Fi networks.

According to Vanhoef, the major issues stem from “widespread” programming errors in implementations of the standard, with some bugs dating back to 1997. The vulnerabilities have to do with the way the standard fragments and aggregates frames, permitting threat actors to inject arbitrary packets and trick a victim into using a malicious DNS server, or to forge frames to extract data.

Which Vulnerabilities Are Involved?

The 12 flaws are listed below:

•     CVE-2020-24588: Accepting non-SPP A-MSDU frames

•     CVE-2020-24587: Reassembling fragments encrypted under different keys

•     CVE-2020-24586: Not clearing fragments from memory when (re)connecting to a network

•     CVE-2020-26145: Accepting plaintext broadcast fragments as full frames (in an encrypted network)

•     CVE-2020-26144: Accepting plaintext A-MSDU frames that start with an RFC 1042 header with EtherType EAPOL (in an encrypted network)

•     CVE-2020-26140: Accepting plaintext data frames in a protected network

•     CVE-2020-26143: Accepting fragmented plaintext data frames in a protected network

•     CVE-2020-26139: Forwarding EAPOL frames even though the sender is not yet authenticated

•     CVE-2020-26146: Reassembling encrypted fragments with non-consecutive packet numbers

•     CVE-2020-26147: Reassembling mixed encrypted/plaintext fragments

•     CVE-2020-26142: Processing fragmented frames as full frames

•     CVE-2020-26141: Not verifying the TKIP MIC of fragmented frames
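To make the fragment-handling flaws in the list above concrete, here is an added example (not code from the page or from the researcher): a deliberately simplified, constructed model of a receiver's defragmentation logic that enforces the checks whose absence is described by CVE-2020-24586, CVE-2020-24587, CVE-2020-26140/26143/26145/26147, CVE-2020-26146 and CVE-2020-26142. The `Fragment` fields and the `Defragmenter` class are assumptions for illustration, not a real 802.11 stack.

```python
from dataclasses import dataclass


@dataclass
class Fragment:
    """Constructed model of the receive-side view of one 802.11 fragment."""
    seq: int          # sequence number shared by all fragments of one frame
    frag_no: int      # fragment number within that frame (0, 1, 2, ...)
    more_frags: bool  # "More Fragments" flag; False only on the last fragment
    encrypted: bool   # whether the fragment arrived under link-layer protection
    key_id: int       # identifier of the key that protected it (assumed field)
    pn: int           # packet number; must be consecutive across fragments
    payload: bytes


class Defragmenter:
    """Hardened reassembly: returns the full payload or None if dropped."""

    def __init__(self):
        self.cache = {}  # seq -> list of accepted fragments, oldest first

    def on_reconnect(self):
        # CVE-2020-24586: forget partial frames from the previous association
        self.cache.clear()

    def receive(self, frag):
        # CVE-2020-26140/26143/26145/26147: on a protected link, a plaintext
        # fragment is never accepted, alone or mixed with encrypted ones.
        if not frag.encrypted:
            self.cache.pop(frag.seq, None)
            return None
        pending = self.cache.get(frag.seq, [])
        if pending:
            last = pending[-1]
            # CVE-2020-24587: every fragment must be under the same key.
            # CVE-2020-26146: packet numbers must be consecutive.
            # Fragment numbers must also increase by exactly one.
            if (frag.key_id != last.key_id or frag.pn != last.pn + 1
                    or frag.frag_no != last.frag_no + 1):
                self.cache.pop(frag.seq, None)
                return None
        elif frag.frag_no != 0:
            return None  # a frame cannot start with a later fragment
        pending.append(frag)
        if frag.more_frags:
            # CVE-2020-26142: an incomplete frame is never handed up as a
            # full frame; keep waiting for the last fragment.
            self.cache[frag.seq] = pending
            return None
        self.cache.pop(frag.seq, None)
        return b"".join(f.payload for f in pending)
```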

A bad actor can leverage these bugs to inject arbitrary network packets, intercept and exfiltrate user data, launch denial-of-service attacks, and possibly even decrypt packets in WPA or WPA2 networks.

“In case network packets can be injected towards a client, this can be abused to trick the client into using a malicious DNS server,” Vanhoef noted in an accompanying research paper. “If network packets can be injected towards an access point, the opponent can abuse this to bypass the NAT/firewall and then connect directly to any device in the local network.”

These flaws can be abused as a stepping stone to launch advanced attacks, allowing an attacker to take over an outdated Windows 7 machine within a local network. On a brighter note, the design flaws are hard to abuse, as they require user interaction or are only possible with uncommon network settings.

The research was shared with the Wi-Fi Alliance, and various firmware updates were prepared during a disclosure period of around nine months. Microsoft released fixes for some of the flaws (CVE-2020-24587, CVE-2020-24588, and CVE-2020-26144) as part of its May 2021 Patch Tuesday updates. Vanhoef said an updated Linux kernel is in the works for actively supported distributions.

This is not the first time Vanhoef has demonstrated severe vulnerabilities in the wireless standard. He previously disclosed what is known as KRACK (Key Reinstallation Attacks) in the WPA2 protocol, which permitted an attacker to read sensitive traffic and steal crucial information such as credit card numbers, passwords, messages, and other data.

Vanhoef said, “Moreover, our aggregation attack could have been avoided if devices had implemented optional security improvements earlier. This highlights the importance of deploying security improvements before practical attacks are known. The two fragmentation-based design flaws were, at a high level, caused by not adequately separating different security contexts, which is an important rule to take into account when designing protocols.”

Summing Up

Mitigations for FragAttacks from various vendors, including Cisco, HPE/Aruba Networks, Juniper Networks, and Sierra Wireless, can be found in the advisory released by the Industry Consortium for Advancement of Security on the Internet (ICASI).

“There is no such evidence of the flaws being used against wireless network users maliciously, and these issues are reduced through routine device updates that detect suspect transmissions or upgrade adherence to recommended security implementation practices,” the Wi-Fi Alliance said.
