WiFi devices going back to 1997 vulnerable to new Frag Attacks
https://therecord.media/wifi-devices-going-back-to-1997-vulnerable-to-new-frag-attacks/
A Belgian security researcher has discovered a series of vulnerabilities that impact the WiFi standard, with some bugs dating back as far back as 1997 and affecting devices sold for the past 24 years.
The vulnerabilities, known as Frag Attacks, allow an attacker within a device’s WiFi radio range to gather information about the owner and run malicious code to compromise a device, may it be a computer, smartphone, or other smart device.
Devices are also vulnerable even if the WiFi standard’s security protocols were activated, such as WEP and WPA.
#WiFi #vulnerability #frag
https://therecord.media/wifi-devices-going-back-to-1997-vulnerable-to-new-frag-attacks/
A Belgian security researcher has discovered a series of vulnerabilities that impact the WiFi standard, with some bugs dating back as far back as 1997 and affecting devices sold for the past 24 years.
The vulnerabilities, known as Frag Attacks, allow an attacker within a device’s WiFi radio range to gather information about the owner and run malicious code to compromise a device, may it be a computer, smartphone, or other smart device.
Devices are also vulnerable even if the WiFi standard’s security protocols were activated, such as WEP and WPA.
#WiFi #vulnerability #frag
therecord.media
WiFi devices going back to 1997 vulnerable to new Frag Attacks
A Belgian security researcher has discovered a series of vulnerabilities that impact the WiFi standard, with some bugs dating back as far back as 1997 and affecting devices sold for the past 24 years.
Holes in the WiFi
https://lwn.net/Articles/856044/
The discoverer of the KRACK attacks against WPA2 encryption in WiFi is back with a new set of flaws in the wireless-networking protocols. FragAttacks is a sizable group of WiFi vulnerabilities that (ab)use the fragmentation and aggregation (thus "Frag") features of the standard. The fixes have been coordinated over a nine-month period, which has allowed security researcher Mathy Vanhoef time to create multiple papers, some slide decks, a demo video, patches, and, of course, a web site and logo for the vulnerabilities.
Three of the vulnerabilities are design flaws in the WiFi standards, so they are likely present in all implementations, while the other nine are various implementation-specific problems. The design flaws may be more widespread, but they are much harder to exploit "because doing so requires user interaction or is only possible when using uncommon network settings". That means the real danger from FragAttacks lies in the programming errors in various WiFi implementations. "Experiments indicate that every Wi-Fi product is affected by at least one vulnerability and that most products are affected by several vulnerabilities."
In fact, in the FAQ section of the web site, Vanhoef offers to list any products that he can verify as not having been affected by the flaws described on the site. He also notes that even though the design flaws are difficult to exploit on their own, they can be combined with the other flaws found to make for a much more serious problem. "In other words, for some devices the impact is minor, while for others it's disastrous."
...
#wifi #hole #vulnerability
https://lwn.net/Articles/856044/
The discoverer of the KRACK attacks against WPA2 encryption in WiFi is back with a new set of flaws in the wireless-networking protocols. FragAttacks is a sizable group of WiFi vulnerabilities that (ab)use the fragmentation and aggregation (thus "Frag") features of the standard. The fixes have been coordinated over a nine-month period, which has allowed security researcher Mathy Vanhoef time to create multiple papers, some slide decks, a demo video, patches, and, of course, a web site and logo for the vulnerabilities.
Three of the vulnerabilities are design flaws in the WiFi standards, so they are likely present in all implementations, while the other nine are various implementation-specific problems. The design flaws may be more widespread, but they are much harder to exploit "because doing so requires user interaction or is only possible when using uncommon network settings". That means the real danger from FragAttacks lies in the programming errors in various WiFi implementations. "Experiments indicate that every Wi-Fi product is affected by at least one vulnerability and that most products are affected by several vulnerabilities."
In fact, in the FAQ section of the web site, Vanhoef offers to list any products that he can verify as not having been affected by the flaws described on the site. He also notes that even though the design flaws are difficult to exploit on their own, they can be combined with the other flaws found to make for a much more serious problem. "In other words, for some devices the impact is minor, while for others it's disastrous."
...
#wifi #hole #vulnerability
lwn.net
Holes in the WiFi
The discoverer of the KRACK attacks
against WPA2 encryption in WiFi is back with a new set of flaws in the
wireless-networking protocols. FragAttacks is a sizable group of
WiFi vulnerabilities that (ab)use the fragmentation and aggregation (thus
"Frag") features…
against WPA2 encryption in WiFi is back with a new set of flaws in the
wireless-networking protocols. FragAttacks is a sizable group of
WiFi vulnerabilities that (ab)use the fragmentation and aggregation (thus
"Frag") features…