After nearly a year of responsible disclosure and vendor cooperation, Mathy Vanhoef, a well-respected Wi-Fi security researcher, released several vulnerabilities in the 802.11 protocol named FragAttacks.
FragAttacks, or Fragmentation and Aggregation Attacks, was published On May 11th, 2021. A detailed report of several vulnerabilities outlined the security shortcomings of how access points (APs) and devices receive and process Wi-Fi frames.
Wi-Fi devices and APs communicate by transmitting and receiving frames carrying data payloads and other information essential for Wi-Fi functionality. FragAttacks exploits how Wi-Fi devices and APs receive, store, and process frames.
FragAttacks allows an attacker to forge encrypted frames and obtain sensitive data from a target device or inject specially crafted packets towards the client, such as making a device use a malicious DNS server.
The attacker would need to be near the victim to pull off this attack. The attacker will use a rogue AP to perform a man-in-the-middle attack to forge frames and exfiltrate data.
What is affected?
FragAttacks impact nearly all APs and devices. Various operating systems such as Microsoft, Android, iOS, and Linux will require patches to fix the vulnerability.
Many vendors have developed an update that we recommend you apply to your infrastructure. We have listed vendor responses below.
- Juniper: https://www.mist.com/documentation/mist-security-advisory-fragattacks-and-faq
- Ruckus: https://support.ruckuswireless.com/fragattacks-ruckus-technical-support-response-center
- Cisco: https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-wifi-faf-22epcEWu.html
- Meraki: Same Cisco – starting in June 2021, October 2021 for MX with Wi-Fi capabilities
- Aruba: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-011.txt
We highly recommend keeping your Wi-Fi devices updated regularly. There haven’t been any updates from device manufacturers yet on a patch.
What should you do next?
There’s no need to panic.
Update your AP infrastructure. If you’re on a Cisco WLAN controller, you will need to update the code as soon as it is available. Be aware of the version you may need to update to as it could render older APs unsupported.
If you’re using cloud-managed APs, you will receive the patch depending on your update schedule. Meraki will come out with their patch in June 2021. Meraki MX appliances with Wi-Fi capability will receive an update in October 2021.
Patch your IoT devices when a patch is available. We encourage you to reach out to your IoT manufacturers to identify when a patch is released.
Educate yourself on the impact of FragAttacks and keep your IT team informed. Rowell has an episode released on the Clear To Send podcast in which he is a co-host.
Below are other resources for more information on FragAttacks.
Official FragAttacks website: https://fragattacks.com/
Official FragAttacks Paper: https://papers.mathyvanhoef.com/usenix2021.pdf
FragAttacks Overview: https://papers.mathyvanhoef.com/fragattacks-overview.pdf