Security Tech industry quietly patches FragAttacks Wi-Fi flaws that leak data, weaken security

[J65nko]

From https://www.theregister.com/2021/05/12/krack_hack_wifi/

Quote:

A dozen Wi-Fi design and implementation flaws make it possible for miscreants to steal transmitted data and bypass firewalls to attack devices on home networks, according to security researcher Mathy Vanhoef.

On Tuesday, Vanhoef, a postdoctoral researcher in computer security at New York University Abu Dhabi, released a paper titled, "Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation" [PDF].

Scheduled to be presented later this year at the Usenix Security conference, the paper describes a set of wireless networking vulnerabilities, including three Wi-Fi design flaws and nine implementation flaws.

[snip]
In total, 75 devices – network card and operating system combinations (Windows, Linux, Android, macOS, and iOS) – were tested and all were affected by one or more of the attacks.

NetBSD and OpenBSD were not affected because they don't support the reception of A-MSDUs (aggregate MAC service data units).

See https://github.com/vanhoefm/fragattacks#readme for some Linux tools to check for these flaws.

[jggimi]

There was a great deal of online discussion about the 9-month-long embargo on these flaws. From what I gather, only the largest IT firms were able to obtain information during this period; all others were excluded from the opportunity.

[J65nko]

Quote:

Originally Posted by J65nko

NetBSD and OpenBSD were not affected because they don't support the reception of A-MSDUs (aggregate MAC service data units).
.

Arstechnica.com's article when discussing one of the many security flaws states:

Quote:

Vanhoef said that it’s possible to perform the attack without user interaction when the target’s access point is vulnerable to CVE-2021-26139, one of the 12 vulnerabilities that make up the FragAttacks package. The security flaw stems from a kernel flaw in NetBSD 7.1 that causes Wi-Fi access points to forward Extensible Authentication Protocol (AP) over LAN frames to other devices even when the sender has not yet authenticated to the AP.

[e1-531g]

OpenBSD was vulnerable to at least one of vulnerabilities, see:
FragAttacks: Presentation at USENIX Security '21. Time 10:03