{"id":248251,"date":"2021-05-12T23:50:46","date_gmt":"2021-05-12T20:50:46","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/every-wi-fi-device-back-to-1997-likely-vulnerable-to-fragattacks-review-geek\/"},"modified":"2021-05-12T23:50:46","modified_gmt":"2021-05-12T20:50:46","slug":"every-wi-fi-device-back-to-1997-likely-vulnerable-to-fragattacks-review-geek","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/every-wi-fi-device-back-to-1997-likely-vulnerable-to-fragattacks-review-geek\/","title":{"rendered":"#Every Wi-Fi Device Back to 1997 Likely Vulnerable to FragAttacks \u2013 Review Geek"},"content":{"rendered":"<p><strong>&#8220;#Every Wi-Fi Device Back to 1997 Likely Vulnerable to FragAttacks \u2013 Review Geek&#8221;<\/strong><\/p>\n<div id=\"article-content-area\">\n<figure style=\"width: 1920px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage wp-image-82565 size-full\" src=\"https:\/\/www.reviewgeek.com\/p\/uploads\/2021\/05\/3d152c91.jpg?width=1200\" alt=\"The FragAttack logo (a wifi symbol with many broken symbols) over a grey background.\" width=\"1920\" height=\"1080\" data-credittext=\" Darlee Urbiztondo\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><figcaption class=\"wp-caption-text\"><span class=\"type:primaryImage imagecredit\"> Darlee Urbiztondo<\/span><\/figcaption><\/figure>\n<p><span data-preserver-spaces=\"true\">Mathy Vanhoef, a\u00a0<\/span><span data-preserver-spaces=\"true\">security researcher known for finding holes in Wi-Fi security, has found a new avenue of breaking into Wi-Fi devices dubbed <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.fragattacks.com\/\">FragAttacks<\/a> (fragmentation and aggregation attacks). The method works on every Wi-Fi device back to 1997, but thankfully some patches are already out.<\/span><\/p>\n<p><span data-preserver-spaces=\"true\">FragAttacks comprise a <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/watch-movies-tv-seriess\/\" data-internallinksmanager029f6b8e52c=\"8\" title=\"Watch Movies &amp; TV Series\" target=\"_blank\" rel=\"noopener\">series<\/a> of vulnerabilities, three of which go back to Wi-Fi implementation introduced in 1997. The vulnerabilities affect all modern Wi-Fi security protocols, from WPA-3 all the back to WEP.\u00a0<\/span><\/p>\n<p><span data-preserver-spaces=\"true\"><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/youtu.be\/88YZ4061tYw\">In a demonstration<\/a>, Vanhoef showed that the FragAttacks lead to several worrying possibilities. The demo shows Vanhoef turning on and off insecurity IOT smart plugs, stealing usernames and passwords, and even taking over a Windows 7 machine inside a \u201csecure\u201d network. Stealing credentials and taking over computers is a big worry, to say the least.<\/span><\/p>\n<p><iframe loading=\"lazy\" title=\"FragAttacks: Demonstration of Flaws in WPA2\/3\" width=\"640\" height=\"360\" src=\"https:\/\/www.youtube.com\/embed\/88YZ4061tYw?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/p>\n<p><span data-preserver-spaces=\"true\">To understand the vulnerabilities, it\u2019s important to know how a Wi-Fi network works. Networks prevent getting overwhelmed by breaking down data into packets for transmission. These data packet fragments are later collected and reassembled. Rather than transmitting all the data together, sending fragments with smaller frames will help throughput on a network.\u00a0<\/span><\/p>\n<p><span data-preserver-spaces=\"true\">Frames are similar to data packets; they\u2019re small parts of a message on a network. Frames serve as a handshake between devices and will contain more information about the message than a packet will. The vulnerabilities attack those facets of Wi-Fi networks to inject malicious frames on the network. FragAttacks can trick your network into accepting a fraudulent handshake message.<\/span><\/p>\n<p><span data-preserver-spaces=\"true\">When your network accepts the handshake message, it then accepts a second subframe connected to the first \u201chandshake message,\u201d which passes on the real malicious data. As Vanhoef put it, \u201cIn a sense, one part of the code will think the frame is a handshake message and will accept it even though it\u2019s not encrypted. Another part of the code will instead see it as an aggregated frame and will process the packet that the adversary wants to inject.\u201d<\/span><\/p>\n<p><span data-preserver-spaces=\"true\">The attack works with any Wi-Fi device and network, even ones that don\u2019t support fragmentation and aggregation. That\u2019s because those devices treat subframes as full frames and accept the malicious data. Several flaws in Wi-Fi implementation make all of this possible.<\/span><\/p>\n<p><span data-preserver-spaces=\"true\">The good <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">news<\/a> is, Vanhoef disclosed the vulnerabilities responsibly and gave a nine-month lead time. Microsoft already released patches for Windows 10 that should mitigate the problem, and a fix for Linux is coming. But that still leaves plenty of IOT devices, routers, and macOS vulnerable. Vanhoef even managed to trick a macOS device to switch to a malicious DNS server, redirecting unsuspecting users to sites owned by a hacker. And with a malicious DNS server in place, the hacker could exfiltrate private data, like usernames, passwords, and possibly more.<\/span><\/p>\n<p><span data-preserver-spaces=\"true\">The better news is, most of the vulnerabilities are hard to advantage of in the wild. At least currently. But, Vanhoef says the programming flaws that led to the vulnerability are trivial to abuse. You can, however, mitigate the exfiltration problem by sticking to HTTPS sites. Properly secured sites will prevent the bad actor from seeing your data in transit.<\/span><\/p>\n<p><span data-preserver-spaces=\"true\">For now, update your devices as quickly as you can, especially Windows 10 devices as Microsoft already released patches. And stick to HTTPS whenever possible, whether or not you\u2019re up to date. The newly opened <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.fragattacks.com\/\">FragAttacks site<\/a> describing the vulnerabilities also suggests \u201cdisabling fragmentation, disabling pairwise rekeys, and disabling dynamic fragmentation in Wi-Fi 6 (802.11ax) devices.\u201d And an opensource tool <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/github.com\/vanhoefm\/fragattacks\">on Github<\/a> can help test if your routers are still vulnerable.<\/span>\n<\/div>\n<p><script>\nsetTimeout(function(){\n  !function(f,b,e,v,n,t,s)\n  {if(f.fbq)return;n=f.fbq=function(){n.callMethod?\n  n.callMethod.apply(n,arguments):n.queue.push(arguments)};\n  if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version='2.0';\n  n.queue=[];t=b.createElement(e);t.async=!0;\n  t.src=v;s=b.getElementsByTagName(e)[0];\n  s.parentNode.insertBefore(t,s)}(window, document,'script',\n  'https:\/\/connect.facebook.net\/en_US\/fbevents.js');\n  fbq('init', '1137093656460433');\n  fbq('track', 'PageView');\n  },3000);\n<\/script><\/p>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/technology\/\" target=\"_blank\" rel=\"noopener\">Technology category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.reviewgeek.com\/82521\/every-wi-fi-device-back-to-1997-likely-vulnerable-to-fragattacks\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#Every Wi-Fi Device Back to 1997 Likely Vulnerable to FragAttacks \u2013 Review Geek&#8221; Darlee Urbiztondo Mathy Vanhoef, a\u00a0security researcher known for finding holes in Wi-Fi security, has found a new avenue of breaking into Wi-Fi devices dubbed FragAttacks (fragmentation and aggregation attacks). The method works on every Wi-Fi device back to 1997, but thankfully some&#8230;<\/p>\n","protected":false},"author":1,"featured_media":248252,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.reviewgeek.com\/p\/uploads\/2021\/05\/3d152c91.jpg","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-248251","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/248251","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=248251"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/248251\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/248252"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=248251"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=248251"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=248251"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}