FragAttacks Foil 2 Decades of Wireless Security

The evolution of wireless security could at best be described as trial and error. The initial standard that debuted in the late 1990s — Wired Equivalent Privacy (WEP) — had significant security problems, and the first two version of Wireless Protected Access, WPA and WPA2, both have been found to be vulnerable to a variety of other security issues.

The trials continue with a host of so-called fragmentation attacks, or FragAttacks, that abuse the aggregation and fragmentation to allow machine-in-the-middle attacks. Details of the vulnerabilities, which have been kept secret for nine months, were disclosed at the Black Hat USA briefings on Aug. 5.

The issues occur in the way that small network packets are combined for transport, known as aggregation, or the way that large network packets are split up to improve reliability, known as aggregation. Even devices using WPA3, the latest wireless security standard, can be vulnerable, Mathy Vanhoef, a postdoctoral researcher at New York University Abu Dhabi, said during his Black Hat presentation.

"The fragmentation and aggregation functionality of Wi-Fi were never considered security-essential, so no one really looked at them," he said, adding: "This really shows that all implementations are vulnerable — even, surprisingly, those that don't support fragmentation and those that don't support aggregation."

The vulnerabilities — which Vanhoef described as design flaws in the IEEE 802.11 standard, more commonly known as Wi-Fi — were described in a paper released in June. The issues allow a local attacker who has fooled a victim into connecting to an attacker-controlled server to then insert themselves into the Wi-Fi network as a machine in the middle.

Vanhoef characterized these as design flaws because the specific mitigations are optional and not required, a lesson for future implementers of the standard.

"We should adopt defenses early, even if the concerns are theoretic, because that, for example, would have prevented the aggregation design flaw," he said. In addition, testing the software should be part of the credentialing process for vendors' devices, he added. "We should keep fuzzing devices; ... the Wi-Fi Alliance could fuzz devices while they are being certified."

Vanhoef discovered three design flaws in the current Wi-Fi standard. The first, CVE-2020-24588, allows an attacker to abuse the way that Wi-Fi aggregates smaller data packets into larger frames to optimize wireless data rates. The researcher used the attack to send victims on the local Wi-Fi network to an attacker-controlled domain name service (DNS) server, and then onto malicious website.

A second flaw, CVE-2020-24587, takes advantage of the specification's failure to verify that each fragment of a packet is using the same encryption key. Using a specially constructed packet, an attacker can append code onto a legitimate fragment of the victim's original packet.

"While this actually seems secure, the problems begin when fragmentation is combined with session-key renewal," Vanhoef said. "When the key is renewed, the packet numbers will be reset to 0. ... The problem is that the receiver will reassemble the packets even if the sender used different encryption keys."

The final flaw, CVE-2020-24586, takes advantage of the lack of deletion of packet fragments from legitimate users on a Wi-Fi network. A malicious user can cache packets on the Wi-Fi network, which, under certain circumstances, will be inserted into other users' packets.

To allow vendors and researchers to verify the issues, Vanhoef published a testing tool to GitHub. The software requires the credentials of the Wi-Fi network, so it is not considered an attack tool.

Many device makers still do not handle vulnerability disclosure well. Vanhoef worked with the Wi-Fi Alliance to disclose the issues to vendors, and most issued patches. Vanhoef modified the test tool for specific vendors and continues to work with the group to support vendors.

"To my surprise, some companies were not happy, even if they managed to write patches for most devices," he said. "I was actually happy that most devices got patches, because usually that is not the case for Wi-Fi."

At the end of 2020, two new security measures became standard for WPA3 — operating channel validation and beacon protection — and while they make the fragmentation attacks harder, they are still possible.