A security researcher has uncovered 12 vulnerabilities in the 802.11 wi-fi standard that are said to affect “every wi-fi product” in some way, with major vendors starting to release firmware updates.
The flaws have all been assigned Common Vulnerabilities and Exposures (CVE) identifiers, and the researcher who uncovered them, Mathy Vanhoef, grouped them as fragmentation and aggregation attacks, or ‘FragAttacks’.
“An adversary that is within radio range of a victim can abuse these vulnerabilities to steal user information or attack devices,” Vanhoef wrote.
“The biggest risk in practice is likely the ability to abuse the discovered flaws to attack devices in someone’s home network. For instance, many smart home and internet-of-things devices are rarely updated, and wi-fi security is the last line of defence that prevents someone from attacking these devices.
“Unfortunately, due to the discovered vulnerabilities, this last line of defence can now be bypassed.
“The wi-fi flaws can also be abused to exfiltrate transmitted data.”
Vanhoef said that three of the discovered vulnerabilities “are design flaws in the wi-fi standard and therefore affect most devices.”
“On top of this, several other vulnerabilities were discovered that are caused by widespread programming mistakes in wi-fi products,” he wrote.
“Experiments indicate that every wi-fi product is affected by at least one vulnerability and that most products are affected by several vulnerabilities.”
Vanhoef said that the flaws affect all modern security protocols of wi-fi, “including the latest WPA3 specification”, and that “even the original security protocol of wi-fi, called WEP, is affected.”
“This means that several of the newly discovered design flaws have been part of wi-fi since its release in 1997,” he wrote.
“Fortunately, the design flaws are hard to abuse because doing so requires user interaction or is only possible when using uncommon network settings.”
Vanhoef was previously responsible for uncovering the KRACK (or key reinstallation attack) flaw in the WPA2 security protocol for wi-fi networks, which led to the development of more secure wi-fi protocols.
The Industry Consortium for Advancement of Security on the Internet (ICASI) said that industry worked with Vanhoef over the past nine months to understand the FragAttacks vulnerabilities and coordinate a response.
A number of vendors including Cisco, HPE/Aruba, Juniper Networks, Microsoft and Sierra Wireless have already started releasing firmware updates for a range of wi-fi enabled devices from access points to IP phones.
A research paper on the vulnerabilities has also been released.