Mathy Vanhoef, a post-doctoral scholar, a student at NY University in Abu Dhabi, has created an attack called FragAttacks(fragmentation and aggregation attacks) which is a combination of new security vulnerabilities that affect Wi-Fi devices. However, according to an academic paper, this attack is one of the most extensive vulnerabilities that can be exploited only under particular and rare conditions that involve either user interaction or extremely unique configurations.
According to Vanhoef’s FragAttacks website, his exploits will allow attackers to steal user information within radio range or targeted user’s devices for attack. The vulnerabilities are divided into two groups, the first of which is found in the Wi-Fi standard itself, and thus affects the majority of devices. The second flaws are in Wi-Fi devices that have been found as a result of widespread programming errors.
Vanhoef claims that Wi-Fi manages frame fragmentation and frame aggregation, which are the most exploits operate due to flaws. Frame aggregation is a technique for speeding up network connections by merging smaller frames into larger ones using a flag scheme that informs devices whether a given frame is a single frame or an aggregated frame. The issue is that the “aggregated” flag is not authenticated on both ends of the link and can be spoofed by an attacker easily. Fragmentation, on the other hand, does the reverse, dividing larger frames into smaller ones to improve durability. Receiving devices aren’t needed to verify if all sections of a split frame have been encrypted with the same keys, which means an intruder might mix up various fragments and steal data from a network. He also found flaws in WiFi’s WPA security protocols, which don’t do enough by default; it authenticates and lines up all parts of a packet, leaving holes that could be exploited to hack networks and steal data.
Among various Wi-Fi businesspeople, only Aruba and Huawei have publicly confirmed the confession of the FragAttack vulnerabilities. Aruba Wireless Networks stated that their access points contained the bugs, but now they modified their software and also issued a document detailing the APs that have been patched. And on the other side, Huawei also mentioned that they have started an investigation right away after the attack and vowed to provide public updates as soon as more information became available.
By Navya Swarup
Campus Ambassador, WCSF