Wikipedia

FragAttacks

FragAttacks, or fragmentation and aggregation attacks, are a group of Wi-Fi vulnerabilities discovered by security research Mathy Vanhoef.[1] Since the vulnerabilities are design flaws in the Wi-Fi standard, any device released after 1997 could be vulnerable.[1] The attack can be executed without special privileges.[2] The attack was detailed on August 5, 2021 at Black Hat Briefings USA and at later at the USENIX 30th Security Symposium, where recordings are shared publicly.[3][4] The attack does not leave any trace in the network logs.[5]

FragAttacks
CVE identifier(s)CVE-2020-24588,

CVE-2020-24587,
CVE-2020-24586,
CVE-2020-26145,
CVE-2020-26144,
CVE-2020-26140,
CVE-2020-26143,
CVE-2020-26139,
CVE-2020-26146,
CVE-2020-26147,
CVE-2020-26142,

CVE-2020-26141
DiscovererMathy Vanhoef
FragAttacks demonstration by Mathy Vanhoef

Patches

edit

Vanhoef worked with the Wi-Fi Alliance to help vendors issue patches.[3]

Microsoft started issuing patches for Windows 7 through Windows 10 on May 11, 2021.[6]

References

edit
  1. ^ a b "Most Wi-Fi Devices Released Since 1997 Are Vulnerable to FragAttacks". PCMAG. Retrieved 2021-05-13.
  2. ^ "Decades-Old 'Frag Attack' Flaws Affect Almost Every Wi-Fi Device". Wired. ISSN 1059-1028. Retrieved 2021-06-22.
  3. ^ a b "FragAttacks Foil 2 Decades of Wireless Security". Dark Reading. 2021-08-06. Retrieved 2021-12-25.
  4. ^ Vanhoef, Mathy (2021). Fragment and Forge: Breaking {Wi-Fi} Through Frame Aggregation and Fragmentation. pp. 161–178. ISBN 978-1-939133-24-3.
  5. ^ "Why We Need to Raise the Red Flag Against FragAttacks". Dark Reading. 2021-07-13. Retrieved 2021-12-25.
  6. ^ "Update Windows (and Lots of Other Stuff) ASAP: 'FragAttack' Bugs Found Lurking in Millions of Wifi Devices". Gizmodo. 12 May 2021. Retrieved 2021-06-22.
edit


 

This computer security article is a stub. You can help Wikipedia by expanding it.

Retrieved from "https://en.wikipedia.org/w/index.php?title=FragAttacks&oldid=1229869083"