
A Belgian security researcher says he uncovered vulnerabilities that affect all modern Wi-Fi security protocols and most wirelessly connected devices, including smartphones, routers and IoT devices. Many tech companies have fixed the flaws to avoid leaks of user data.

If exploited, these fragmentation and aggregation attacks - FragAttacks - could enable attackers to steal data if they are in close range of target devices and are able to run malicious code to compromise a device, whether it's a computer, smartphone or other IoT device, says Mathy Vanhoef, the Belgian researcher at New York University Abu Dhabi who discovered the flaws.

The vulnerabilities affect all modern security protocols of Wi-Fi, including the latest WPA3 specification and the original security protocol of Wi-Fi, called WEP, Vanhoef says.

“Several of the newly discovered design flaws have been part of Wi-Fi since its release in 1997,” Vanhoef says. “Fortunately, the design flaws are hard to abuse because doing so requires user interaction or is only possible when using uncommon network settings.”

There are two design flaws in a feature of Wi-Fi that was previously not widely studied, and a proposed feature that was not adopted could have prevented one of the design flaws, Vanhoef says. He notes in a white paper: "This shows it stays important to analyze even the most well-known security protocols."

Vanhoef helped write patches for the Linux kernel and provided advice for technology manufacturers working on Wi-Fi security updates during a nine-month coordinated disclosure period supervised by the Wi-Fi Alliance and the Industry Consortium for Advancement of Security on the Internet. This enabled technology companies supplying Wi-Fi-enabled products, including Microsoft, Intel, Samsung, Cisco, Ruckus, Lenovo, Netgear and Synology, to quietly release patches, Vanhoef notes.

"Security researchers identified vulnerabilities in the frame aggregation functionality of some Wi-Fi devices," the Wi-Fi Alliance said in a statement. "There is no evidence of the vulnerabilities being used against Wi-Fi users maliciously, and these issues are mitigated through routine device updates that enable detection of suspect transmissions or improve adherence to recommended security implementation practices."

Erich Kron, security awareness advocate at KnowBe4, notes: "Due to the overwhelming number of devices this will impact, the vulnerabilities will likely be around for some time and active exploits are likely to be spotted in the wild."

Andy Norton, European cyber risk officer at security firm Armis, adds: “Having a total picture of the devices that comprise your attack surface is becoming increasingly important to insure no blind spots become the entry point for future intrusions.”
