Almost all Wi-Fi products on the market are potentially vulnerable to flaws dating back to 1997, but even those who discovered the weaknesses say some of them are difficult to exploit.
Mathy Vanhoef, a postdoc at NYU Abu Dhabi, has created attacks (FragAttacks) that exploit the vulnerabilities, but his academic paper on them states that the most widespread vulnerabilities can only be exploited under certain rare conditions: success requires user interaction or a very unusual configuration.
Other vulnerabilities (what vendors call programming mistakes in Wi-Fi products) are easily exploited.
According to Vanhoef’s website on FragAttacks, his exploits could allow an attacker within wireless range to steal user information or attack devices on the user’s network. The flaws fall into two categories: those in the Wi-Fi standard itself, which therefore affect most devices, and those caused by widespread programming mistakes in the implementation of individual Wi-Fi products.
Of the major Wi-Fi vendors, only Aruba / HPE and Huawei have publicly acknowledged the disclosure of the Frag Attack flaws. Aruba released a statement saying that its access points contain the flaws, but that it had updated the software prior to this week’s disclosure and provided documentation detailing the patched APs.
Huawei said it had “started an immediate investigation” and promised to provide updates as more information is shared. Cisco and Ubiquiti had declined to provide public comment as of Friday afternoon.
Vanhoef published his report after a nine-month disclosure period with Wi-Fi vendors, to help resolve the issues. Tools to check whether a device is vulnerable to these flaws are available for free.
The three most widespread and serious flaws could allow an attacker to insert a malicious frame into a protected Wi-Fi network. This could allow an attacker to trick a client device into using a malicious DNS server, or to bypass the NAT and firewall and force traffic through a router. These weaknesses affect the products of almost all major manufacturers.
“Fortunately, [Wi-Fi-standard] design flaws are difficult to exploit as they can only occur if user interaction is required or if you are using unusual network settings,” according to Vanhoef’s site. “As a result, in reality, some Wi-Fi products are easily available, and programming mistakes are of utmost concern.”
According to Vanhoef, most of the exploits work because of vulnerabilities in the way Wi-Fi handles frame fragmentation and frame aggregation. Frame aggregation is designed to speed up network connections by combining smaller frames into larger ones, using a flag that tells the device whether a particular frame is a single frame or an aggregated frame. The problem is that the “aggregate” flag is not authenticated at both ends of the connection and can be spoofed by a malicious attacker.
Fragmentation does the opposite, splitting large frames into smaller ones for added reliability. The weakness is that the receiving device is not required to check that all fragments of a split frame were encrypted using the same key. That is, an attacker could mix fragments that belong to different frames and steal data from the network.
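The missing same-key check described above can be modelled on the receiving side in a few lines. This is an added example, not code from Vanhoef or from any vendor; the `Fragment` fields, the `key_id` label and the sample traffic are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Fragment:
    sender: str     # transmitter address
    seq: int        # sequence number shared by all fragments of one frame
    frag: int       # fragment number, starting at 0
    more: bool      # "more fragments" flag
    key_id: str     # label of the key that decrypted this fragment (model only)
    payload: bytes  # plaintext after decryption

class Reassembler:
    """Toy fragment cache; require_same_key toggles the defensive check."""
    def __init__(self, require_same_key: bool):
        self.require_same_key = require_same_key
        self.cache = {}  # (sender, seq) -> fragments received so far

    def receive(self, f: Fragment):
        """Return the reassembled payload, or None if incomplete or rejected."""
        slot = (f.sender, f.seq)
        # Fragment 0 always starts a fresh frame; later ones extend the cache.
        parts = [] if f.frag == 0 else self.cache.get(slot, [])
        if f.frag != len(parts):            # gap or duplicate: drop the frame
            self.cache.pop(slot, None)
            return None
        if self.require_same_key and parts and parts[0].key_id != f.key_id:
            self.cache.pop(slot, None)      # mixed keys: discard everything
            return None
        parts = parts + [f]
        if f.more:
            self.cache[slot] = parts
            return None
        self.cache.pop(slot, None)
        return b"".join(p.payload for p in parts)

# Constructed sample traffic: same sequence number, different decryption keys.
STA = "aa:bb:cc:00:00:01"
MIXED = [Fragment(STA, 7, 0, True, "key-A", b"first-half|"),
         Fragment(STA, 7, 1, False, "key-B", b"second-half")]
CLEAN = [Fragment(STA, 8, 0, True, "key-A", b"first-half|"),
         Fragment(STA, 8, 1, False, "key-A", b"second-half")]

def run(frags, require_same_key):
    """Feed fragments in order and return the last result from the receiver."""
    r = Reassembler(require_same_key)
    out = None
    for f in frags:
        out = r.receive(f)
    return out
```

A receiver built with `require_same_key=False` joins the two `MIXED` fragments into one frame, while the strict receiver discards them and still reassembles `CLEAN` normally.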
Other vulnerabilities identified by Vanhoef involve aspects of Wi-Fi’s WPA security protocols. By default, these protocols do not sufficiently authenticate and match all parts of a message, leaving an opening that can be used for network breaches or data theft.
Forrester analyst Andre Kindness said these flaws seem far from being exploited in the wild.
“Is that something that keeps me up late? What?” Kindness said. “It’s like an Ocean’s 11 or Mission: Impossible scenario. You need to know what someone has. You need to come across the perfect scenario where someone didn’t do something right with the device or AP firmware. Must be at wireless distance.”
According to Kindness, enterprise users should ensure that all patches are up to date and use scanning tools, and go from there if they find any flaws.
Vanhoef will be giving a talk on Frag Attack at the USENIX Security Symposium, which is scheduled for August 11-13 as a virtual event.
Copyright © 2021 IDG Communications, Inc.
“Frag Attack” flaws threaten Wi-Fi, but not so seriously