
Millions of UK WiFi Routers and Devices at Risk of FragAttacks

Thursday, May 13th, 2021 (9:11 am) - Score 5,544

A Belgian security researcher, Mathy Vanhoef, has uncovered a bunch of new vulnerabilities in Wi-Fi (wireless networking) technology that stem from a mix of historic design flaws and programming mistakes, some of which may have been present since all the way back in 1997! You’re about to hear a lot about “FragAttacks.”

The situation, which has caused various WiFi equipped devices and broadband router manufacturers to issue new firmware updates for their devices, is likely to affect a significant amount of kit. Companies and consumers who do not keep their devices up-to-date could thus be at risk from hackers (i.e. those within range of your signal, at least).

According to Vanhoef, any attacker within radio range of a victim can “abuse these vulnerabilities to steal user information or attack devices,” which is not great, and it only gets worse. “Experiments indicate that every Wi-Fi product is affected by at least one vulnerability and that most products are affected by several vulnerabilities,” said the researcher (this also includes kit with the latest WPA3 encryption standard).

The good news is that security updates to tackle these vulnerabilities are already being issued by many manufacturers and Vanhoef has also set up the FragAttacks website to help inform people of the dangers. Another bit of good news is that the design flaws are not easy to exploit, but the same cannot be said for those programming mistakes.

Mathy Vanhoef said:

“Fortunately, the design flaws are hard to abuse because doing so requires user interaction or is only possible when using uncommon network settings. As a result, in practice the biggest concern are the programming mistakes in Wi-Fi products since several of them are trivial to exploit.

The discovery of these vulnerabilities comes as a surprise, because the security of Wi-Fi has in fact significantly improved over the past years.”

Apparently, the vulnerabilities have been known about for the best part of a year and what we’re seeing now is a coordinated public disclosure (i.e. after giving companies time to patch), which has been supervised by the Wi-Fi Alliance and ICASI. If updates for your device are not yet available, you can mitigate some attacks (but not all) by ensuring that websites use HTTPS and by ensuring that your devices have received all other available updates.

Vanhoef doesn’t know for certain whether the flaws are already being exploited, although his team have not yet observed any evidence of this. On top of that it took a long time to discover some of the flaws, which do not appear to have been identified before.

The fact that any hacker needs to be in radio range of the target network and the network itself must have certain misconfigured settings further adds to the challenge, as would the need for an attacker to have direct interaction with a user.

The design flaws were assigned the following CVEs:

  • CVE-2020-24588: aggregation attack (accepting non-SPP A-MSDU frames).
  • CVE-2020-24587: mixed key attack (reassembling fragments encrypted under different keys).
  • CVE-2020-24586: fragment cache attack (not clearing fragments from memory when (re)connecting to a network).

Implementation vulnerabilities that allow the trivial injection of plaintext frames in a protected Wi-Fi network are assigned the following CVEs:

  • CVE-2020-26145: Accepting plaintext broadcast fragments as full frames (in an encrypted network).
  • CVE-2020-26144: Accepting plaintext A-MSDU frames that start with an RFC1042 header with EtherType EAPOL (in an encrypted network).
  • CVE-2020-26140: Accepting plaintext data frames in a protected network.
  • CVE-2020-26143: Accepting fragmented plaintext data frames in a protected network.

Other implementation flaws are assigned the following CVEs:

  • CVE-2020-26139: Forwarding EAPOL frames even though the sender is not yet authenticated (should only affect APs).
  • CVE-2020-26146: Reassembling encrypted fragments with non-consecutive packet numbers.
  • CVE-2020-26147: Reassembling mixed encrypted/plaintext fragments.
  • CVE-2020-26142: Processing fragmented frames as full frames.
  • CVE-2020-26141: Not verifying the TKIP MIC of fragmented frames.
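The fragment reassembly CVEs listed above each describe a check that a receiver failed to make, and the following added example (not code from the researcher or from any vendor) puts those checks into one simplified receive routine. The struct layout, function names and the `key_gen` counter are assumptions made for illustration; a real 802.11 stack tracks far more state.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified fragment metadata; hypothetical names, not a real driver type. */
struct frag {
    uint16_t seq;       /* sequence number shared by a frame's fragments */
    uint8_t  frag_no;   /* fragment number, first fragment is 0 */
    bool     more;      /* More Fragments bit */
    bool     encrypted; /* frame was protected and decrypted successfully */
    uint32_t key_gen;   /* assumed counter bumped on every key install */
    uint64_t pn;        /* packet number used for this fragment */
};
struct frag_cache { bool active; struct frag last; };
enum verdict { FRAG_DROPPED, FRAG_BUFFERED, FRAME_COMPLETE };

/* Call on every (re)association: no stale fragments (CVE-2020-24586). */
void cache_flush(struct frag_cache *c) { memset(c, 0, sizeof *c); }

enum verdict frag_rx(struct frag_cache *c, const struct frag *f, bool protected_net)
{
    /* CVE-2020-26140 / CVE-2020-26143: no plaintext data frames here. */
    if (protected_net && !f->encrypted)
        return FRAG_DROPPED;
    if (f->frag_no > 0) {
        bool ok = c->active && f->seq == c->last.seq
            && f->frag_no == c->last.frag_no + 1
            && f->encrypted == c->last.encrypted      /* CVE-2020-26147 */
            && (!f->encrypted
                || (f->key_gen == c->last.key_gen     /* CVE-2020-24587 */
                    && f->pn == c->last.pn + 1));     /* CVE-2020-26146 */
        if (!ok) { cache_flush(c); return FRAG_DROPPED; }
    }
    c->last = *f;
    c->active = f->more; /* a fragment is never delivered alone (CVE-2020-26142) */
    return f->more ? FRAG_BUFFERED : FRAME_COMPLETE;
}

int main(void)
{
    struct frag_cache c = {0};
    struct frag a = {7, 0, true, true, 1, 100};  /* constructed sample */
    struct frag b = {7, 1, false, true, 2, 101}; /* same frame, newer key */
    enum verdict v1 = frag_rx(&c, &a, true);
    enum verdict v2 = frag_rx(&c, &b, true);
    printf("%d %d\n", v1, v2);
    return 0;
}
```

The aggregation flaw (CVE-2020-24588) and the TKIP MIC check (CVE-2020-26141) concern A-MSDU parsing and integrity verification, which this model leaves out.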

Suffice to say, now is a good time to ensure your devices and software are all up-to-date. Credits to Steve for pointing this out to us.

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved