FragAttacks
{{missing info|how the attack functions|date=June 2024}}
{{Infobox bug|CVE={{CVE|2020-24588}},
{{CVE|2020-24587|link=no}},
{{CVE|2020-24586|link=no}},
{{CVE|2020-26145|link=no}},
{{CVE|2020-26144|link=no}},
{{CVE|2020-26140|link=no}},
{{CVE|2020-26143|link=no}},
{{CVE|2020-26139|link=no}},
{{CVE|2020-26146|link=no}},
{{CVE|2020-26147|link=no}},
{{CVE|2020-26142|link=no}},
{{CVE|2020-26141|link=no}}|discoverer=Mathy Vanhoef}}
FragAttacks, or fragmentation and aggregation attacks, are a group of Wi-Fi vulnerabilities discovered by security research Mathy Vanhoef. Since the vulnerabilities are design flaws in the Wi-Fi standard, any device released after 1997 could be vulnerable.{{Cite web|title=Most Wi-Fi Devices Released Since 1997 Are Vulnerable to FragAttacks|url=https://www.pcmag.com/news/most-wi-fi-devices-released-since-1997-are-vulnerable-to-fragattacks|access-date=2021-05-13|website=PCMAG|language=en}} The attack can be executed without special privileges.{{Cite magazine|title=Decades-Old 'Frag Attack' Flaws Affect Almost Every Wi-Fi Device|language=en-US|magazine=Wired|url=https://www.wired.com/story/frag-attack-wi-fi-vulnerabilities|access-date=2021-06-22|issn=1059-1028}} The attack was detailed on August 5, 2021 at Black Hat Briefings USA and at later at the USENIX 30th Security Symposium, where recordings are shared publicly.{{Cite web|date=2021-08-06|title=FragAttacks Foil 2 Decades of Wireless Security|url=https://www.darkreading.com/iot/fragattacks-foil-2-decades-of-wireless-security/d/d-id/1341595|access-date=2021-12-25|website=Dark Reading|language=en}}{{Cite book|last=Vanhoef|first=Mathy|date=2021|title=Fragment and Forge: Breaking {Wi-Fi} Through Frame Aggregation and Fragmentation|url=https://www.usenix.org/conference/usenixsecurity21/presentation/vanhoef|language=en|pages=161–178|isbn=978-1-939133-24-3}} The attack does not leave any trace in the network logs.{{Cite web|date=2021-07-13|title=Why We Need to Raise the Red Flag Against FragAttacks|url=https://www.darkreading.com/attacks-breaches/why-we-need-to-raise-the-red-flag-against-fragattacks/a/d-id/1341485|access-date=2021-12-25|website=Dark Reading|language=en}}
Patches
Vanhoef worked with the Wi-Fi Alliance to help vendors issue patches.
Microsoft started issuing patches for Windows 7 through Windows 10 on May 11, 2021.{{Cite web|title=Update Windows (and Lots of Other Stuff) ASAP: 'FragAttack' Bugs Found Lurking in Millions of Wifi Devices|url=https://gizmodo.com/update-windows-and-lots-of-other-stuff-asap-fragatta-1846878065|access-date=2021-06-22|website=Gizmodo|date=12 May 2021 |language=en-us}}
References
{{Reflist}}
External links
- [https://eprint.iacr.org/2021/763.pdf Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation] by Mathy Vanhoef
Category:Computer-related introductions in 2021
Category:Computer security exploits
{{computer-security-stub}}