loader-logo

FragAttacks – What you need to know

After nearly a year of responsible disclosure and vendor cooperation, Mathy Vanhoef, a well-respected Wi-Fi security researcher, released several vulnerabilities in the 802.11 protocol named FragAttacks.

FragAttacks, or Fragmentation and Aggregation Attacks, was published On May 11th, 2021. A detailed report of several vulnerabilities outlined the security shortcomings of how access points (APs) and devices receive and process Wi-Fi frames.

Wi-Fi devices and APs communicate by transmitting and receiving frames carrying data payloads and other information essential for Wi-Fi functionality. FragAttacks exploits how Wi-Fi devices and APs receive, store, and process frames.

FragAttacks allows an attacker to forge encrypted frames and obtain sensitive data from a target device or inject specially crafted packets towards the client, such as making a device use a malicious DNS server. 

The attacker would need to be near the victim to pull off this attack. The attacker will use a rogue AP to perform a man-in-the-middle attack to forge frames and exfiltrate data. 

What is affected?

FragAttacks impact nearly all APs and devices. Various operating systems such as Microsoft, Android, iOS, and Linux will require patches to fix the vulnerability.

Many vendors have developed an update that we recommend you apply to your infrastructure. We have listed vendor responses below.

We highly recommend keeping your Wi-Fi devices updated regularly. There haven’t been any updates from device manufacturers yet on a patch.

What should you do next?

There’s no need to panic.

Update your AP infrastructure. If you’re on a Cisco WLAN controller, you will need to update the code as soon as it is available. Be aware of the version you may need to update to as it could render older APs unsupported.

If you’re using cloud-managed APs, you will receive the patch depending on your update schedule. Meraki will come out with their patch in June 2021. Meraki MX appliances with Wi-Fi capability will receive an update in October 2021.

Patch your IoT devices when a patch is available. We encourage you to reach out to your IoT manufacturers to identify when a patch is released.

Educate yourself on the impact of FragAttacks and keep your IT team informed. Rowell has an episode released on the Clear To Send podcast in which he is a co-host.

Below are other resources for more information on FragAttacks.

Official FragAttacks website: https://fragattacks.com/
Official FragAttacks Paper: https://papers.mathyvanhoef.com/usenix2021.pdf
FragAttacks Overview: https://papers.mathyvanhoef.com/fragattacks-overview.pdf


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.


[gravityforms id=16 title=false description=false]
<script type="text/javascript">if(!gform){document.addEventListener("gform_main_scripts_loaded",function(){gform.scriptsLoaded=!0}),window.addEventListener("DOMContentLoaded",function(){gform.domLoaded=!0});var gform={domLoaded:!1,scriptsLoaded:!1,initializeOnLoaded:function(o){gform.domLoaded&&gform.scriptsLoaded?o():!gform.domLoaded&&gform.scriptsLoaded?window.addEventListener("DOMContentLoaded",o):document.addEventListener("gform_main_scripts_loaded",o)},hooks:{action:{},filter:{}},addAction:function(o,n,r,t){gform.addHook("action",o,n,r,t)},addFilter:function(o,n,r,t){gform.addHook("filter",o,n,r,t)},doAction:function(o){gform.doHook("action",o,arguments)},applyFilters:function(o){return gform.doHook("filter",o,arguments)},removeAction:function(o,n){gform.removeHook("action",o,n)},removeFilter:function(o,n,r){gform.removeHook("filter",o,n,r)},addHook:function(o,n,r,t,i){null==gform.hooks[o][n]&&(gform.hooks[o][n]=[]);var e=gform.hooks[o][n];null==i&&(i=n+"_"+e.length),null==t&&(t=10),gform.hooks[o][n].push({tag:i,callable:r,priority:t})},doHook:function(o,n,r){if(r=Array.prototype.slice.call(r,1),null!=gform.hooks[o][n]){var t,i=gform.hooks[o][n];i.sort(function(o,n){return o.priority-n.priority});for(var e=0;e<i.length;e++)"function"!=typeof(t=i[e].callable)&&(t=window[t]),"action"==o?t.apply(null,r):r[0]=t.apply(null,r)}if("filter"==o)return r[0]},removeHook:function(o,n,r,t){if(null!=gform.hooks[o][n])for(var i=gform.hooks[o][n],e=i.length-1;0<=e;e--)null!=t&&t!=i[e].tag||null!=r&&r!=i[e].priority||i.splice(e,1)}}}</script> <div class='gf_browser_unknown gform_wrapper gravity-theme' id='gform_wrapper_16' ><form method='post' enctype='multipart/form-data' id='gform_16' action='/fragattacks-what-you-need-to-know/' > <div class='gform_body gform-body'><div id='gform_fields_16' class='gform_fields top_label form_sublabel_below description_below'><fieldset id="field_16_1" class="gfield gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible" ><legend class='gfield_label gfield_label_before_complex' >Name<span class="gfield_required"><span class="gfield_required gfield_required_text">(Required)</span></span></legend><div class='ginput_complex ginput_container no_prefix has_first_name no_middle_name no_last_name no_suffix gf_name_has_1 ginput_container_name' id='input_16_1'> <span id='input_16_1_3_container' class='name_first' > <input type='text' name='input_1.3' id='input_16_1_3' value='' aria-label='First name' aria-required='true' placeholder='First Name' /> <label for='input_16_1_3' >First</label> </span> </div></fieldset><div id="field_16_2" class="gfield gfield--width-full gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible" ><label class='gfield_label' for='input_16_2' >Email<span class="gfield_required"><span class="gfield_required gfield_required_text">(Required)</span></span></label><div class='ginput_container ginput_container_email'> <input name='input_2' id='input_16_2' type='text' value='' class='large' placeholder='Business email address' aria-required="true" aria-invalid="false" /> </div></div><fieldset id="field_16_3" class="gfield gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible" ><legend class='gfield_label gfield_label_before_complex' >Consent<span class="gfield_required"><span class="gfield_required gfield_required_text">(Required)</span></span></legend><div class='ginput_container ginput_container_checkbox'><div class='gfield_checkbox' id='input_16_3'><div class='gchoice gchoice_16_3_1'> <input class='gfield-choice-input' name='input_3.1' type='checkbox' value='I consent to the processing and sharing with partners of the personal data that I provide Packet 6 for this activity in accordance with and as described in the &lt;a href=&quot;https://packet6.com/privacy-policy&quot; target=&quot;_new&quot;&gt;Privacy Policy&lt;/a&gt;' id='choice_16_3_1' /> <label for='choice_16_3_1' id='label_16_3_1'>I consent to the processing and sharing with partners of the personal data that I provide Packet 6 for this activity in accordance with and as described in the <a href="https://packet6.com/privacy-policy" target="_new">Privacy Policy</a></label> </div></div></div></fieldset><div id="field_16_4" class="gfield gform_validation_container field_sublabel_below field_description_below gfield_visibility_visible" ><label class='gfield_label' for='input_16_4' >Name</label><div class='ginput_container'><input name='input_4' id='input_16_4' type='text' value='' /></div><div class='gfield_description' id='gfield_description_16_4'>This field is for validation purposes and should be left unchanged.</div></div></div></div> <div class='gform_footer top_label'> <input type='submit' id='gform_submit_button_16' class='gform_button button' value='Get the report' onclick='if(window["gf_submitting_16"]){return false;} window["gf_submitting_16"]=true; ' onkeypress='if( event.keyCode == 13 ){ if(window["gf_submitting_16"]){return false;} window["gf_submitting_16"]=true; jQuery("#gform_16").trigger("submit",[true]); }' /> <input type='hidden' class='gform_hidden' name='is_submit_16' value='1' /> <input type='hidden' class='gform_hidden' name='gform_submit' value='16' /> <input type='hidden' class='gform_hidden' name='gform_unique_id' value='' /> <input type='hidden' class='gform_hidden' name='state_16' value='WyJbXSIsImY4MGVlNTA5MGVjMWYzYzU5NzUyOGFhOWE3ZGFiMzRlIl0=' /> <input type='hidden' class='gform_hidden' name='gform_target_page_number_16' id='gform_target_page_number_16' value='0' /> <input type='hidden' class='gform_hidden' name='gform_source_page_number_16' id='gform_source_page_number_16' value='1' /> <input type='hidden' name='gform_field_values' value='' /> </div> </form> </div>