The FragAttacks is a collection of security vulnerabilities. Three of them are design flaws with Wi-Fi itself and affect most devices that use Wi-Fi, while others, according to the researchers, found the programming mistakes in many Wi-Fi products.
With these vulnerabilities, an attacker could use FragAttacks to perform two types of attacks:
If in the right situation, an attacker can utilize FragAttacks to steal data from a Wi-Fi network that should be encrypted and protected against such an attack. If the user is sending unencrypted data over an encrypted Wi-Fi connection, a FragAttack could be used to bypass the Wi-Fi encryption. However, those websites or applications that are securely encrypted (eg. HTTPS), will be protected from this kind of attack.
The other possible attack is, FragAttacks could be used to launch attacks against vulnerable devices on a Wi-Fi network, such as smart home and IoT devices, especially those brands that do not provide long-term support for their devices—do not regularly receive updates. Once compromised, the attacker can remotely take over the control of these smart/IoT devices.
List of vulnerabilities included in FragAttack:
- CVE-2020-24588: aggregation attack (accepting non-SPP A-MSDU frames).
- CVE-2020-24587: mixed key attack (reassembling fragments encrypted under different keys).
- CVE-2020-24586: fragment cache attack (not clearing fragments from memory when (re)connecting to a network).
- CVE-2020-26145: Accepting plaintext broadcast fragments as full frames (in an encrypted network).
- CVE-2020-26144: Accepting plaintext A-MSDU frames that start with an RFC1042 header with EtherType EAPOL (in an encrypted network).
- CVE-2020-26140: Accepting plaintext data frames in a protected network.
- CVE-2020-26143: Accepting fragmented plaintext data frames in a protected network.
- CVE-2020-26139: Forwarding EAPOL frames even though the sender is not yet authenticated (should only affect APs).
- CVE-2020-26146: Reassembling encrypted fragments with non-consecutive packet numbers.
- CVE-2020-26147: Reassembling mixed encrypted/plaintext fragments.
- CVE-2020-26142: Processing fragmented frames as full frames.
- CVE-2020-26141: Not verifying the TKIP MIC of fragmented frames.
More details can be found in the original article.
- X Series with Wi-Fi
- Balance Series with Wi-Fi
- MAX Series with Wi-Fi
- UBR Series
- SOHO Series
- AP Series
We are preparing the fixes to be included in the target firmware release listed below.
|X Series||with Wi-Fi||8.1.3|
|Balance Series||with Wi-Fi||8.1.3|
|MAX Series||with Wi-Fi||8.1.3|
|802.11ac Wave 2/ax||3.9.1|
As a temporary measure prior to the firmware availability, there are some workarounds to safeguard your network from the FragAttacks. Here are some tips:
Ensure your devices and OS are getting security updates. You should opt for an upgrade if you have machines with the older version of OS that isn’t getting updates.
Second, install those security updates. New/current devices normally will automatically install updates for you.
Use secure encryption. Try to use HTTPS whenever possible, or a well-known application that is securely encrypted. Anyway, most websites you visit nowadays likely automatically use HTTPS if it’s available.
This advisory may be updated if any additional information regarding the above vulnerabilities becomes available.