WiFi devices still vulnerable to bugs from 1997

It's great that WiFi is here to stay and very useful for most tasks. It's also great that it's free, and many of us rely on it every day with our mobile devices. However, WiFi is still full of bugs and security issues that need to be addressed. Many of these issues were identified in 1997 by researcher Craig Miller. The most recent bug identified by Miller is a flaw in the WPS protocol. This is the same bug that was exploited by the KRACK attack that occurred last October.

Despite a rash of security flaws discovered in WiFi devices over the past few years, still more vulnerabilities have been discovered that are capable of allowing an attacker to take full control of your device. The flaws were published by Google researchers for the WPA2 protocol, which is used to secure devices that use WiFi connections. It affects both personal and enterprise WiFI networks. This means that hackers can potentially gain access to your computer, smartphone, or any other device that uses WiFi to connect to the Internet.

Mati Vanhoef, a security researcher at New York University in Abu Dhabi, has discovered flaws in the WiFi standard dating back to bugs that first surfaced in 1997. These vulnerabilities affect virtually all WiFi devices sold in the last 24 years.

The vulnerabilities are called FragAttacks (Fragmentation and Aggregation Attacks) and can exploit a victim's WiFi connection to steal user information or even attack devices. The study will be presented at the USENIX Security and Black Hat USA conference this summer.

According to Vanhoef, three of the discovered vulnerabilities are inherent design flaws and therefore affect the largest number of devices. Other vulnerabilities result from programming errors in the implementation of the WiFi standard in most devices.

Vanhoef's experiments show that every device is vulnerable to at least one of these defects. They affect all current WiFi security protocols, including the WPA3 specification. However, the impact of these vulnerabilities on WEP, the original WiFi security protocol, has shown the true age of these design flaws.

Design flaw in fragment cache Figure

But it's not all bad news. There may be design flaws in the protocols. Yet it is difficult to abuse, because it requires user intervention or because it would only be possible with unusual network settings, according to Vanhoef. Therefore, programming errors in WiFi products are the most vulnerable because they are an easier target.

A detailed overview of all discovered vulnerabilities and their CVE identifiers is available on the Vanhoef Github.

The following is a brief overview of all the bugs found in the WiFi standard, its implementation, and other implementation errors.

WiFi standard design errors

  • CVE-2020-24588: Aggregation attack (receiving non-SPP A-MSDU frames).
  • CVE-2020-24587 : Mixed key attack (merging of fragments encrypted under different keys).
  • CVE-2020-24586: Fragment cache attack (fragments are not cleared from memory upon network (reconnection)).

WiFi implementation errors

  • CVE-2020-26145 : Accept fragments of a public text transmission as a full screen (in an encrypted network).
  • CVE-2020-26144: Receive open A-MSDU frames beginning with the RFC1042 header with EtherType EAPOL (on an encrypted network).
  • CVE-2020-26140: Receiving unencrypted data frames over a secure network.
  • CVE-2020-26143 : Receiving fragmented plain text data frames over a secure network.

Residual implementation weaknesses

  • CVE-2020-26139 : Forward EAPOL frames even if the sender is not authenticated (only APs should deal with this).
  • CVE-2020-26146 : Reassemble encrypted fragments with inconsistent packet numbers.
  • CVE-2020-26147 : Compose mixed encrypted/clear text fragments.
  • CVE-2020-26142: Treats fragmented frames as full frames.
  • CVE-2020-26141 : The TKIP of fragmented frames is not checked.

Vanhoef even put a video on YouTube demonstrating these attacks. For a more technical analysis and detailed information, see Vanhoef's research paper Fragment and Forge: Destruction of Wi-Fi due to frame aggregation and fragmentation.

In the news: Google Pay lets US users send money to India and Singapore

There is a tool on Github that you can run on your machine to see if clients or access points are affected by these new vulnerabilities. The tool supports more than 45 test cases and can test home networks or corporate networks with authentication.

However, you will need custom drivers for this tool to work properly. To make things easier, Vanhoef provided a live USB image with pre-installed custom drivers and firmware for specific Atheros WiFi dongles, as well as a pre-configured Python environment for the tool.

If you can't run this tool, Mathey's website also lists various measures users can take to protect themselves. User protection is largely ensured by the use of HTTPS connections that block attacks.

The vulnerabilities were discovered during Microsoft Patch Tuesday in May 2021, and patches have already been released for three of the 12 vulnerabilities affecting Windows machines. Sierra Wireless, Cisco and HPE/Aruba have already released patches, and other vendors will be developing their own versions soon, ICASI said.

More information about the attacks and a detailed FAQ can be found on the FragAttack website.

In the news: Nvidia offers RTX series ray tracing for laptops starting at $799.

Someone who writes, edits, films, presents technology programs and races virtual machines in their spare time. You can contact Yadullah at [email protected] or follow him on Instagram or Twitter.

This source has been very much helpful in doing our research. Read more about frag 1.7 8 and let us know what you think.

Related Tags:

fragment and forge wifiwpa2 downgrade attackfrag 1.7 8key reinstallation attackfrag patch notes 1.6 9frag new update,People also search for,Privacy settings,How Search works,fragment and forge wifi,wpa2 downgrade attack,fragment and forge: breaking wi-fi through frame aggregation and fragmentation,frag 1.7 8,key reinstallation attack,key reinstallation attacks: forcing nonce reuse in wpa2,frag patch notes 1.6 9,frag new update

Leave a Reply

Your email address will not be published. Required fields are marked *