Fragmentation and aggregation attacks, also known as FragAttacks, are a collection of design bugs and programming flaws that affect Wi-Fi devices. According to recent research, any attacker within radio range of a target can exploit these vulnerabilities.
According to the research, the design flaws can be more difficult to exploit because they require user interaction or unusual network configurations, while the programming flaws pose a greater threat. Unfortunately, these vulnerabilities affect all current Wi-Fi security protocols, from the most recent WPA3 back to WEP, which dates from 1997. This suggests that a wide range of devices may have been vulnerable for a long time.
These flaws are surprising, given how the security protocols for Wi-Fi products have improved over the years. In fact, researchers discovered that the vulnerabilities date back to the mid-1990s, when some of the first Wi-Fi protocols were created. However, programming bugs occur in all mobile devices.
In theory, an attacker can exploit the programming bugs by injecting plaintext frames into a protected Wi-Fi network once they are within range of a mobile device user. Since certain devices accept plaintext aggregated frames that look like handshake messages, a large number of people may be affected. By tricking the target into using a malicious DNS server, attackers might intercept traffic to the system in question. According to the research, this flaw affected two of the four home routers evaluated, as well as a number of IoT devices and smartphones.
Other flaws involve the way the Wi-Fi standard fragments and reassembles network packets, allowing an attacker to steal data by injecting malicious code during this process.
Since being informed of the vulnerabilities, the Wi-Fi Alliance has spent the last nine months working with device manufacturers to address them. Microsoft has so far patched three of the 12 vulnerabilities affecting Windows systems; those patches were released on March 9. A related patch for the Linux kernel should become available after that.
The researcher who uncovered the Wi-Fi vulnerabilities, some of which have existed since 1997, is Mathy Vanhoef. The vulnerabilities he discovered affect all modern wireless security protocols, including the latest WPA3 specification. You may remember Vanhoef as one of the researchers behind the KrackAttacks weaknesses in the WPA2 protocol. As Vanhoef puts it:
“it stays important to analyze even the most well-known security. Additionally, it shows that it’s essential to regularly test wireless products for security vulnerabilities, which can for instance be done when certifying them.”
In each network, there is a maximum size to the chunks of data that can be transmitted on a network layer, called the MTU (Maximum Transmission Unit). Packets can often be larger than this maximum size, so to fit inside the MTU limit each packet can be divided into smaller pieces of data, called fragments. These fragments are later re-assembled to reconstruct the original message.
Wireless networks can use this packet fragmentation to improve throughput. When data packets are fragmented and sent as more, but shorter, frames, each transmission has a lower probability of colliding with another packet. So, if the content of a message is too large to fit inside a single packet, the content is spread across several fragments, each with its own header.
Just like packets, frames are small parts of a message in the network. A frame helps to identify data and determine the way it should be decoded and interpreted. The main difference between a packet and a frame is the OSI layer each belongs to. While a packet is the unit of data used in the network layer, a frame is the unit of data used on the layer below it, the OSI model’s data link layer. A frame contains more information about the transmitted message than a packet.
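To make the fragment headers and the reassembly step concrete, here is an added example (not code from the research or from any vendor) of a receiver that reads the 802.11 Sequence Control field and rebuilds a payload from its fragments. It assumes a plain 24-byte data header, treats frame bodies as opaque bytes without decrypting them, and uses hypothetical names (`parse`, `build`, `Reassembler`); refusing fragments whose protection bit differs from the first fragment is one illustrative hardening check for the reassembly flaws mentioned earlier.

```python
import struct
from dataclasses import dataclass

HDR_LEN = 24        # 3-address 802.11 data header (QoS/HT fields ignored here)
MORE_FRAG = 0x0400  # Frame Control bit 10: more fragments follow
PROTECTED = 0x4000  # Frame Control bit 14: frame body is encrypted

@dataclass
class Fragment:
    sender: bytes    # Address 2 (transmitter)
    seq: int         # 12-bit sequence number, shared by all fragments of one frame
    frag: int        # 4-bit fragment number, 0 for the first fragment
    more: bool
    protected: bool
    body: bytes

def parse(frame: bytes) -> Fragment:
    if len(frame) < HDR_LEN:
        raise ValueError("truncated 802.11 header")
    fc, = struct.unpack_from("<H", frame, 0)
    sc, = struct.unpack_from("<H", frame, 22)   # Sequence Control field
    return Fragment(frame[10:16], sc >> 4, sc & 0xF,
                    bool(fc & MORE_FRAG), bool(fc & PROTECTED), frame[HDR_LEN:])

def build(sender, seq, frag, more, protected, body):  # constructed sample frame, not a capture
    fc = 0x0008 | (MORE_FRAG if more else 0) | (PROTECTED if protected else 0)
    return (struct.pack("<HH", fc, 0) + b"\xff" * 6 + sender + b"\xff" * 6
            + struct.pack("<H", (seq << 4) | frag) + body)

class Reassembler:
    def __init__(self):
        self.pending = {}   # (sender, seq) -> fragments received so far

    def feed(self, frame: bytes):
        """Return the reassembled payload once complete, otherwise None."""
        f = parse(frame)
        key = (f.sender, f.seq)
        if f.frag == 0:
            self.pending[key] = [f]             # a first fragment restarts the entry
        else:
            parts = self.pending.get(key)
            # Drop the entry on a gap or on plaintext mixed with encrypted fragments.
            if parts is None or f.frag != len(parts) or f.protected != parts[0].protected:
                self.pending.pop(key, None)
                return None
            parts.append(f)
        if f.more:
            return None
        return b"".join(p.body for p in self.pending.pop(key))
```

A real receiver would also decrypt each fragment and verify packet numbers before reassembly; this sketch only shows the header bookkeeping.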
Furthermore, according to the Industry Consortium for Advancement of Security on the Internet (ICASI), Cisco, HPE/Aruba Networks, and Sierra Wireless have begun developing patches to fix the vulnerabilities.
For the time being, users should check firmware changelogs for the relevant CVEs listed on ICASI’s website to see whether their mobile devices have received the appropriate updates. Users who want a more secure option can restrict themselves to websites that use the HTTPS protocol.