A new series of attacks against almost every Wi-Fi router, called FragAttacks, has been published. Anyone who can receive radio signals from your router or Wi-Fi hotspot can use these vulnerabilities to steal data from your devices. The issue lies in the design of the Wi-Fi protocols themselves, along with programming errors in certain Wi-Fi devices. Some products have multiple issues, and a dozen different CVEs have been posted that document them.
The vulnerabilities were discovered by Mathy Vanhoef, who will be back teaching in the fall at KU Leuven University in Belgium and has worked with a team at New York University in Abu Dhabi. The group tested more than 75 different devices and discovered flaws in Wi-Fi protocols going back to the turn of the millennium. He will present papers at various information security conferences this summer. (His presentation at USENIX is already available.)
Vanhoef isn’t new to Wi-Fi exploits: he discovered the Krack attack back in 2017. This uncovered a problem with the WPA2 protocols, which is one of the reasons why you should no longer use them.
The good news is that the protocol design flaws aren’t easy to take advantage of and there hasn’t been any evidence that any attacker has actually exploited these flaws — at least, not yet. The bad news is that the programming errors are almost trivial to exploit. Lifehacker says that the vulnerabilities are “thankfully obscure enough and require just enough of a physical presence that you should be fine as long as you’re staying on top of your security and updates — which you should be doing anyway.”
In this screencast demo, you can see how the researchers clone the wireless access point to operate on a different channel (one that they can use to record network traffic and take control over an outdated Windows 7 machine). The attack relies on several carefully combined elements, such as a malicious source of DNS, packet injection and firewall bypasses.
Video credit: Mathy Vanhoef (YouTube)
Action items
As mentioned earlier, it's unlikely that FragAttacks are something that you'll need to worry about. First, you should consider protecting your data by improving website security to always use HTTPS to encrypt all traffic. Many mobile web apps are now using this by default, which means that mobile users can’t be compromised by FragAttacks. You should pay careful attention to logins to websites to ensure they take place over encrypted connections.
Second, use this as a reminder that you need to update your Wi-Fi and broadband firmware regularly. Check to see if your vendor has announced fixes. The researchers have worked on a coordinated disclosure with many of the leading Wi-Fi vendors and organizations over the past nine months to try to get these fixed. (For example, Eero has already updated its firmware, Intel and Linksys will soon release updates and Cisco has issued this advisory.)
Finally, it's always a good idea to use a VPN when using any public Wi-Fi network.