A security researcher known for pointing out faults in WiFi security has discovered another vulnerability. The newly unearthed flaws, known as "frag attacks," are believed to be widespread as they stem from the WiFi standard, with some bugs dating back to 1997. Several additional vulnerabilities are caused by programming mistakes in WiFi products and affect every WiFi device, Belgian security researcher Mathy Vanhoef wrote on his blog.
Theoretically, if exploited, the vulnerabilities would allow an attacker within radio range to steal user information or attack devices. But the chances of the flaws being abused should be low, as the attacks require user interaction or uncommon network settings.
Breaking down how they work, Vanhoef explained that several of the flaws can be abused to "easily inject" plaintext frames into a protected Wi-Fi network, along with certain devices accepting "plaintext aggregated frames that look like handshake messages." This can be used to intercept traffic by tricking the victim into using a malicious DNS server, the researcher noted. In experiments, Vanhoef found that two out of four tested home routers were affected by this vulnerability, along with several IoT devices and some smartphones.
Other vulnerabilities are linked to the process by which the WiFi standard breaks and then reassembles network packets, allowing an attacker to siphon data by injecting their own malicious code during this operation. Vanhoef has uploaded a demo of the flaws, including a step-by-step explanation of the frag attacks.
As with his previous findings — including the "Krack Attack" from 2017 — Vanhoef shared his discoveries with the Wi-Fi Alliance. Over the past nine months, the organization has been working with device vendors on updates that address the flaws.
As a result, some fixes have already been released or are in the pipeline. Microsoft has addressed three of the 12 bugs that impact Windows systems in patches released on March 9th, according to cybersecurity news site The Record. A patch to the Linux kernel is also working its way through the release system, reports ZDNet.
The likes of Cisco, Juniper Networks, Sierra Wireless and HPE/Aruba Networks have also begun developing patches to mitigate the vulnerabilities, according to the Industry Consortium for Advancement of Security on the Internet (ICASI). You can find out whether your device has received patches for any of the 12 frag attacks by checking its firmware changelogs for updates that relate to the CVE identifiers listed on ICASI's website. If you're still unsure, however, Vanhoef recommends accessing sites via secure HTTPS connections.
"There is no evidence of the vulnerabilities being used against Wi-Fi users maliciously, and these issues are mitigated through routine device updates that enable detection of suspect transmissions or improve adherence to recommended security implementation practices," the Wi-Fi Alliance said.