APT actors use authentication bypass techniques and Pulse Secure Zero-Day
Fragmentation and aggregation attacks - or frag attacks - refer to
a set of design flaws and programming vulnerabilities affecting
Wi-Fi devices. Recent studies have shown that any attacker within
radio range of a target can potentially exploit these
vulnerabilities.
Research shows that the programming-related vulnerabilities pose a
greater risk, while the design flaws may prove more difficult to
exploit due to the need for user interaction or unusual network
settings. Unfortunately, these vulnerabilities affect all modern
Wi-Fi security protocols, from today's latest WPA3 all the way
back to WEP from 1997 onwards. This means that a variety of
devices have likely had similar vulnerabilities for many years.
Given the improved security protocols for Wi-Fi products over the
years, these vulnerabilities came as a surprise. In fact,
researchers revealed that the bugs stemmed from some of the
earliest Wi-Fi protocols in the mid-1990s. However, the errors in
programming exist in all mobile devices.
Once an attacker gets close to a mobile device user, they may be
able to exploit the programming vulnerabilities by injecting
plaintext frames into a protected Wi-Fi network. Since certain
devices trust plaintext aggregated frames that look like handshake
messages, many users could fall victim to such an attack. Hackers
could then intercept traffic to that device by tricking the target
into using a malicious DNS server. Research further showed that
this vulnerability affected two out of four home routers tested,
as well as several IoT devices and various smartphones.
Other identified vulnerabilities include how the Wi-Fi standard
segments and reassembles network packets, allowing an attacker to
extract data during this transition process by injecting malicious
code.
Since becoming aware of these vulnerabilities, the Wi-Fi Alliance
has been working with device manufacturers for the past nine
months to mitigate these issues. At this point, Microsoft has
fixed three of the 12 bugs affecting Windows systems via patches
released on March 9th. Next we should be able to expect a
corresponding patch for the Linux kernel.
In addition, the Industry Consortium for the Advancement of
Security (ICASI) reported on the Internet that the companies
Cisco, HPE/Aruba Networks and Sierra Wireless have started
developing patches to fix the vulnerabilities.
For now, users can verify that their mobile devices have initiated
the required updates by examining the firmware change logs for the
relevant CVE listed on the ICASI website. Users who want an
alternative security option can ensure that they always visit
websites using the HTTPS protocol.