Belgian academic and security researcher Mathy Vanhoef has discovered a series of vulnerabilities that affect Wi-Fi devices dating back to 1997, in other words, all devices sold over the past 24 years.
“The discovery of these vulnerabilities comes as a surprise because the security of Wi-Fi has in fact significantly improved over the past years,” the Belgian researcher said.
Vanhoef said some exploits may require user interaction, so they can’t be used in widespread worm-like attacks but could be useful in targeted espionage attacks.
To perform one of these attacks, dubbed Frag Attacks, an attacker needs to be within a device’s Wi-Fi radio range. A hacker can then gather information about the owner and device and compromise a device – a computer, smartphone, or another smart device – by executing malicious code.
The Wi-Fi standard’s security protocols, such as WEP and WPA, do not protect against these Frag Attacks.
“Three of the discovered vulnerabilities are design flaws in the Wi-Fi standard and therefore affect most devices,” the Belgian researcher said.
The rest are vulnerabilities caused “by widespread programming mistakes [in the implementation of the Wi-Fi standard] in Wi-Fi products,” Vanhoef said.
Experiments he conducted showed that any Wi-Fi-enabled device is affected by at least one vulnerability and that most devices are affected by several vulnerabilities.
Previously, Vanhoef’s research into the KRACK and Dragonblood attacks helped to improve the security of Wi-Fi standards. The flaws in his latest findings reside in older sections of the Wi-Fi protocol and have been present in deployed devices for decades.
Vanhoef discreetly reported his findings to the Wi-Fi Alliance, and for the past nine months the organization has been working to fix its standard and collaborating with device vendors to release firmware patches.
Vanhoef has listed mitigations for users to protect against attacks on his website. The most basic protection is to ensure that users are accessing sites via HTTPS connections, which blocks the attacks from taking place. An additional FAQ section answering various other questions is also included on Vanhoef’s site.
Some device makers have already released patches for Frag Attacks, but some have not. Microsoft has rolled out fixes for three of the 12 bugs that impact Windows systems. Cisco, HPE/Aruba, and Sierra Wireless have also released patches. Other vendors are working to release their fixes in the coming weeks.
Vanhoef will give an in-depth talk about his findings later this year at the USENIX ’21 security conference. The research paper with all the technical details is available online [PDF].