Security researcher Mathy Vanhoef has once again exposed vulnerabilities in WLAN. After breaking into WPA2-encrypted WLAN networks with the so-called KRACK attack (Key Reinstallation Attack) in 2017, Vanhoef has now uncovered design flaws in the WLAN protocol itself, which he calls FragAttacks.
Frames as a gateway for attackers
“FragAttacks” stands for “Fragmentation and Aggregation Attacks”. Fragmentation and aggregation are considered separately, but the security gaps found in both come together at the level of frames. To increase throughput in WLAN networks, so-called aggregation combines several frames into one and marks this with a flag in the header. It is precisely this flag that is the gateway for potential attackers: it is not necessarily authenticated and can therefore be altered. Although the standard does provide a way to authenticate it, that option is rarely used.
As a result of this omission, an attacker can, for example, inject malicious packets as soon as the client establishes a connection to an attacker-controlled server or to a server used for the attack. According to Vanhoef, this makes DNS spoofing possible, for example, and with it the redirection of connections.
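Why an unauthenticated aggregation flag matters becomes clearer when you see how a receiver interprets the same decrypted bytes once with the flag clear and once with it set. The following is an added example, not code from the article or from Vanhoef's tools: a minimal parser for the 802.11 A-MSDU subframe layout (DA, SA, 2-byte length, MSDU, padded to 4 bytes) applied to a constructed, unaggregated frame body whose IPv4 payload was chosen by the sender. The MAC addresses, IP addresses and the `PLANTED` bytes are constructed sample data; the IP checksum is left at zero.

```python
import struct

# Bit 7 of the QoS Control field: "A-MSDU Present". It sits in the frame
# header, which is not encrypted and, unless SPP A-MSDU is negotiated,
# not authenticated either.
AMSDU_PRESENT = 0x0080


def parse_frame_body(qos_control: int, body: bytes) -> list[bytes]:
    """Return the MSDUs a receiver extracts from one decrypted frame body.

    Without the flag the body is a single MSDU. With the flag the body is a
    sequence of A-MSDU subframes, each being DA(6) SA(6) Length(2) MSDU,
    padded to a 4-byte boundary (the last subframe need not be padded).
    """
    if not qos_control & AMSDU_PRESENT:
        return [body]
    msdus = []
    off = 0
    while off + 14 <= len(body):
        length = struct.unpack_from(">H", body, off + 12)[0]
        start = off + 14
        if start + length > len(body):
            raise ValueError("truncated A-MSDU subframe")
        msdus.append(body[start:start + length])
        off = (start + length + 3) & ~3
    return msdus


# --- Constructed sample frame body (not a capture) -------------------------
# A normal, unaggregated body: LLC/SNAP header followed by an IPv4/UDP packet.
LLC_SNAP_IPV4 = bytes.fromhex("aaaa030000000800")
PLANTED = b"PLANTED-MSDU-BYTES"          # 18 bytes the sender wants delivered
PLANTED_DA = bytes.fromhex("020000000001")  # constructed destination MAC
PLANTED_SA = bytes.fromhex("020000000002")  # constructed source MAC
IP_PAYLOAD = (
    b"\x00" * 4                                          # filler up to a 4-byte boundary
    + PLANTED_DA + PLANTED_SA + struct.pack(">H", len(PLANTED))
    + PLANTED
)
IP_HEADER = (
    bytes([0x45, 0x00])
    + struct.pack(">H", 20 + len(IP_PAYLOAD))            # total length
    + struct.pack(">H", 16)                              # identification: read as the
                                                         # first subframe length if the flag is set
    + b"\x40\x00" + bytes([64, 17]) + b"\x00\x00"        # flags, TTL, UDP, checksum left zero
    + bytes([10, 0, 0, 1]) + bytes([10, 0, 0, 2])        # constructed src/dst addresses
)
BODY = LLC_SNAP_IPV4 + IP_HEADER + IP_PAYLOAD


def interpretations(body: bytes = BODY) -> tuple[list[bytes], list[bytes]]:
    """The same plaintext, read once without and once with the A-MSDU flag."""
    return parse_frame_body(0, body), parse_frame_body(AMSDU_PRESENT, body)


if __name__ == "__main__":
    plain, aggregated = interpretations()
    print("flag clear:", len(plain), "MSDU of", len(plain[0]), "bytes")
    print("flag set:  ", len(aggregated), "MSDUs; second =", aggregated[1])
```

With the flag clear the host sees one ordinary IP packet. With the flag set, the identical, correctly authenticated plaintext is split into two MSDUs, the second of which consists entirely of bytes that were inside the IP payload. Nothing in the encryption layer detects the difference, because only the payload was authenticated, not the flag. The caveat in the header comment is the practical check: if both sides negotiate SPP A-MSDU, the flag is covered by the authenticated data of CCMP/GCMP and flipping it breaks verification.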
The term fragmentation covers frame fragmentation, in which large frames are split into several smaller ones, and the fragment cache. In the first case data can be diverted through a design error, although rare circumstances are required to exploit it. In the case of the cache, the injection of manipulated fragments in order to divert data is the gateway for attackers. Several further errors in frame handling, also described by Vanhoef, make it possible to inject frames into a foreign network without any further interaction.
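The fragmentation problems are receiver-side problems: a reassembler that only matches fragments by sequence and fragment number will happily glue together fragments that were decrypted under different keys, or that were cached before a (re)connection and completed afterwards. The following is an added example, not code from the article or from any driver: a toy reassembler in its naive form next to a hardened form that refuses both cases. The `key_id` field is a constructed stand-in for "which key decrypted this fragment", which a real driver knows internally; the fragment contents are constructed sample data.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Fragment:
    """One decrypted fragment. key_id is a constructed stand-in for the key
    that decrypted it (a real driver tracks this internally)."""
    seq: int        # sequence number, shared by all fragments of one frame
    frag: int       # fragment number, 0-based
    more: bool      # "more fragments" bit
    key_id: int
    payload: bytes


class NaiveReassembler:
    """Reassembles by sequence/fragment number only."""

    def __init__(self):
        self.cache = {}          # seq -> list of payloads received so far

    def on_reconnect(self):
        pass                     # the cache survives (re)association

    def receive(self, f: Fragment):
        parts = self.cache.setdefault(f.seq, [])
        if f.frag != len(parts):
            self.cache.pop(f.seq, None)   # gap: drop the partial frame
            return None
        parts.append(f.payload)
        if f.more:
            return None
        del self.cache[f.seq]
        return b"".join(parts)


class HardenedReassembler:
    """Additionally requires one key for all fragments and flushes on (re)connect."""

    def __init__(self):
        self.cache = {}          # seq -> (key_id, list of payloads)

    def on_reconnect(self):
        self.cache.clear()       # never combine fragments across sessions

    def receive(self, f: Fragment):
        entry = self.cache.get(f.seq)
        if entry is None:
            if f.frag != 0:
                return None      # a frame cannot start in the middle
            entry = self.cache[f.seq] = (f.key_id, [])
        key_id, parts = entry
        if f.key_id != key_id or f.frag != len(parts):
            del self.cache[f.seq]   # mixed keys or a gap: discard everything
            return None
        parts.append(f.payload)
        if f.more:
            return None
        del self.cache[f.seq]
        return b"".join(parts)


def splice_scenario(r, reconnect_between: bool):
    """Fragment 0 arrives under key 1; fragment 1 with the same sequence number
    arrives later under key 2, optionally with a (re)connect in between."""
    first = r.receive(Fragment(seq=7, frag=0, more=True, key_id=1, payload=b"GET /secret "))
    if reconnect_between:
        r.on_reconnect()
    second = r.receive(Fragment(seq=7, frag=1, more=False, key_id=2, payload=b"HTTP/1.1"))
    return first, second


def legitimate_scenario(r):
    """Both fragments under the same key, no reconnect: must still reassemble."""
    r.receive(Fragment(seq=9, frag=0, more=True, key_id=2, payload=b"hello "))
    return r.receive(Fragment(seq=9, frag=1, more=False, key_id=2, payload=b"world"))


if __name__ == "__main__":
    print("naive:   ", splice_scenario(NaiveReassembler(), reconnect_between=True))
    print("hardened:", splice_scenario(HardenedReassembler(), reconnect_between=True))
```

The naive reassembler delivers `b"GET /secret HTTP/1.1"` even though its two halves never belonged to the same frame; the hardened one delivers nothing in either variant and still reassembles an ordinary two-fragment frame. Both checks (same key for every fragment, empty cache after (re)association) are the reviewer's choice for this example; the article itself does not spell out how the gaps are closed.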
The situation is difficult to assess
The full extent of the affected WLAN devices and platforms, as well as the consequences, is difficult to assess. The design flaws themselves are usually hard to exploit, but errors in implementations often make things considerably easier for potential attackers. During the research a total of 75 combinations of WLAN devices and platforms were tested, and every one of them turned out to be vulnerable. Nevertheless, Vanhoef does not venture to generalize this to all WLAN devices worldwide.
A common remedy against data leakage in the context of these vulnerabilities is to use HTTPS for connections as soon as they leave for the Internet. This becomes more problematic, however, in the case of targeted attacks on devices, for example when firewalls are bypassed. The only thing that helps there is to update the WLAN devices and close the weak points. Yet this depends on manufacturers providing updates over the long term, which is by no means guaranteed, so that a considerable number of devices, especially older products, are likely to remain vulnerable.
Matching patches have already been created by Vanhoef in collaboration with the developers of the Linux kernel. Additional driver and firmware updates from the manufacturers, which eliminate several of the implementation errors and add protective measures against the design flaws in the protocol, may also be required.
Intel and Microsoft have already made improvements
At Intel improvements have already been made, and Microsoft also closed the gap in Windows at the beginning of March, although clear information is missing in both cases. Microsoft's early closing of the holes is explained by the originally planned disclosure date of the discovered security holes, which was postponed at the request of the Wi-Fi Alliance.
Anyone who wants more information about the weak points will find it in Vanhoef's scientific paper and in a brief summary; a video of his lecture at the USENIX Security conference is also available. Tinkerers with sufficient Linux knowledge can also use his tools to find out for certain whether their own WLAN devices are vulnerable. Among other things, the tools are available as a ready-made live USB image in a GitHub repository.
Source: via golem.de