Mathy Vanhoef, a security researcher, says that 12 design and implementation flaws in Wi-Fi make it possible for attackers to steal transmitted data and bypass firewalls to attack devices on home networks.
Vanhoef, a computer security postdoctoral researcher at New York University Abu Dhabi, put out a paper on Tuesday called “Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation” (PDF).
The paper talks about a set of wireless networking flaws, including three design flaws in Wi-Fi and nine implementation flaws. It will be presented at the Usenix Security conference later this year.
Vanhoef and co-author Frank Piessens found “key reinstallation attacks,” or “KRACKs,” on the WPA2 protocol in 2017. This protocol is used to keep Wi-Fi communications safe. Vanhoef’s latest research project is called “fragmentation and aggregation attacks,” or “FragAttacks.”
The dozen flaws affect every Wi-Fi security protocol since wireless networking first came out in 1997, from WEP through WPA3.
“One design flaw is in the functionality of frame aggregation, and two more are in the functionality of frame fragmentation,” Vanhoef writes in his paper. “These design flaws make it possible for an adversary to fake encrypted frames in different ways, which lets sensitive data get out.”
He also found implementation flaws in how frame aggregation (combining multiple network data frames into one) and frame fragmentation (splitting a network data frame into smaller pieces) are handled. These flaws make the attacks more dangerous.
The 802.11 frame aggregation flaw involves flipping a flag in the frame header that is not authenticated. Flipping it causes the encrypted data payload to be parsed as a group of aggregated frames instead of a single network packet.
The paper says: “We take advantage of this to inject arbitrary frames, and then we intercept a victim’s traffic by making it use a malicious DNS server. This attack could be used to break into almost every device we tested.”
In total, 75 devices were tested, each with a different combination of network cards and operating systems (Windows, Linux, Android, macOS, and iOS). All of them were affected by at least one of the attacks.
NetBSD and OpenBSD were not affected because they don’t support receiving A-MSDUs (aggregate MAC service data units).
Fragging made dangerous
As for the two design flaws in frame fragmentation, one stems from the fact that all fragments of a frame are supposed to be encrypted under the same key, but receivers are not required to verify that this is true. In his paper, Vanhoef says, “We show that an adversary can use this missing check to forge frames and steal data by mixing fragments encrypted with different keys.”
The other problem is that when a receiver connects to a different network, it is not required to discard incomplete fragments from its memory. Vanhoef was able to take advantage of this by injecting malicious fragments into the fragment cache, which lets him inject arbitrary packets.
The implementation flaws include receivers that don’t check whether fragments belong to the same frame (letting an attacker mix and match forged fragments), receivers that don’t check whether fragments are encrypted at all, and handshake messages that can be manipulated to inject plaintext aggregated frames.
For these flaws to be used in an attack, the attacker must be in the same area as both the victim and the Wi-Fi access point. Then, the bad guy would have to trick the victim into doing something on the network, like downloading an image from a server controlled by the bad guy.
The attacker can then send a malicious IPv4 packet over the network. The packet is encrypted as usual, but the attacker then sets the flag so that its payload is treated as an aggregated frame. This makes it possible to inject arbitrary packets, such as a router advertisement that points the victim at a malicious DNS server.
Vanhoef has put a tool on GitHub that can check if Wi-Fi clients and access points are vulnerable. He has also put a PoC attack demonstration on YouTube.
As a result of Vanhoef’s research, the following CVEs were assigned:
- CVE-2020-24588: aggregation attack (accepting non-SPP A-MSDU frames).
- CVE-2020-24587: mixed key attack (reassembling fragments encrypted under different keys).
- CVE-2020-24586: fragment cache attack (not clearing fragments from memory when (re)connecting to a network).
- CVE-2020-26135: accepting plaintext broadcast fragments as full frames (in an encrypted network).
- CVE-2020-26144: accepting plaintext A-MSDU frames that start with an RFC1042 header with EtherType EAPOL (in an encrypted network).
- CVE-2020-26140: accepting plaintext data frames in a protected network.
- Accepting fragmented plaintext data frames in a protected network.
- CVE-2020-26139: forwarding EAPOL frames even though the sender is not yet authenticated (should only affect APs).
- CVE-2020-26146: reassembling encrypted fragments with non-consecutive packet numbers.
- CVE-2020-26147: reassembling mixed encrypted and plaintext fragments.
- CVE-2020-26142: processing fragmented frames as full frames.
- CVE-2020-26141: not verifying the TKIP MIC of fragmented frames.
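The fragmentation-related entries above are all missing receiver-side checks. The following Python model, added here and not taken from Vanhoef’s paper or his test tool, shows a fragment reassembler that enforces them: it refuses mixed keys (CVE-2020-24587), non-consecutive packet numbers (CVE-2020-26146), plaintext fragments on a protected network (CVE-2020-26147), and flushes its cache on (re)connect (CVE-2020-24586). The `Fragment` fields and the `Reassembler` API are constructed for illustration and simplify the real 802.11 header layout.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Fragment:
    """Constructed view of one 802.11 fragment as the receiver sees it after decryption."""
    seq: int               # sequence number shared by all fragments of one frame
    frag_num: int          # fragment index, 0-based
    more_frags: bool       # "more fragments" bit in the frame control field
    encrypted: bool        # whether the fragment arrived protected
    key_id: Optional[int]  # key the fragment was decrypted with (None if plaintext)
    pn: Optional[int]      # CCMP/GCMP packet number (None if plaintext)
    payload: bytes

class Reassembler:
    """Fragment reassembly with the checks the FragAttacks CVEs found missing."""
    def __init__(self) -> None:
        self.cache: Dict[int, List[Fragment]] = {}

    def on_reconnect(self) -> None:
        # CVE-2020-24586: never carry cached fragments across a (re)connect.
        self.cache.clear()

    def receive(self, f: Fragment) -> Tuple[str, Optional[bytes]]:
        """Returns (verdict, reassembled payload or None)."""
        if not f.encrypted:
            # CVE-2020-26140 / CVE-2020-26147: on a protected network, plaintext
            # fragments are never accepted, so they can never be mixed in.
            return "drop-plaintext", None
        pending = self.cache.get(f.seq, [])
        if pending:
            prev = pending[-1]
            if f.frag_num != prev.frag_num + 1:
                return "drop-out-of-order", None
            if f.key_id != prev.key_id:
                return "drop-mixed-key", None          # CVE-2020-24587
            if f.pn != prev.pn + 1:
                return "drop-nonconsecutive-pn", None  # CVE-2020-26146
        elif f.frag_num != 0:
            # CVE-2020-26142: a lone later fragment is not a complete frame.
            return "drop-no-first-fragment", None
        pending.append(f)
        if f.more_frags:
            self.cache[f.seq] = pending
            return "buffered", None
        self.cache.pop(f.seq, None)
        return "complete", b"".join(p.payload for p in pending)
```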
Thanks to a nine-month coordinated responsible disclosure led by the Wi-Fi Alliance and the Industry Consortium for Advancement of Security on the Internet (ICASI), patches are already available for many of the vulnerable devices and software.
Fixes are now available for Linux, and a note on the kernel mailing list says that Intel silently fixed the flaws in a recent firmware update. Microsoft’s patches were finally made public on March 9, 2021, as Redmond had already promised.