FragAttacks: Difference between revisions

FragAttacks
CVE identifier(s)	CVE-2020-24588,; CVE-2020-24587,; CVE-2020-24586,; CVE-2020-26145,; CVE-2020-26144,; CVE-2020-26140,; CVE-2020-26143,; CVE-2020-26139,; CVE-2020-26146,; CVE-2020-26147,; CVE-2020-26142,; CVE-2020-26141
Discoverer	Mathy Vanhoef

Browse history interactively

← Previous edit Next edit →

Content deleted Content added

VisualWikitext

Inline

Revision as of 14:55, 25 December 2021

FragAttacks, or fragmentation and aggregation attacks, are a group of Wi-Fi vulnerabilities discovered by security research Mathy Vanhoef.^[1] Since the vulnerabilities are design flaws in the Wi-Fi standard, any device released after 1997 could be vulnerable.^[1] The attack can be executed without special privileges.^[2] The attack was detailed on August 5, 2021 at Black Hat Briefings USA and at later at the USENIX 30th Security Symposium, where recordings are shared publicly.^[3]^[4] The attack does not leave any trace in the network logs.^[5]

Patches

Vanhoef worked with the Wi-Fi Alliance to help vendors issue patches.^[3]

Microsoft started issuing patches for Windows 7 through Windows 10 on May 11, 2021.^[6]

References

^ ^a ^b "Most Wi-Fi Devices Released Since 1997 Are Vulnerable to FragAttacks". PCMAG. Retrieved 2021-05-13.
^ "Decades-Old 'Frag Attack' Flaws Affect Almost Every Wi-Fi Device". Wired. ISSN 1059-1028. Retrieved 2021-06-22.
^ ^a ^b "FragAttacks Foil 2 Decades of Wireless Security". Dark Reading. 2021-08-06. Retrieved 2021-12-25.{{cite web}}: CS1 maint: url-status (link)
^ Vanhoef, Mathy (2021). "Fragment and Forge: Breaking {Wi-Fi} Through Frame Aggregation and Fragmentation": 161–178. ISBN 978-1-939133-24-3. {{cite journal}}: Cite journal requires |journal= (help)
^ "Why We Need to Raise the Red Flag Against FragAttacks". Dark Reading. 2021-07-13. Retrieved 2021-12-25.{{cite web}}: CS1 maint: url-status (link)
^ "Update Windows (and Lots of Other Stuff) ASAP: 'FragAttack' Bugs Found Lurking in Millions of Wifi Devices". Gizmodo. Retrieved 2021-06-22.

External Links

Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation by Mathy Vanhoef

Category:Computer-related introductions in 2021 Category:Computer security exploits Category:Wi-Fi

This computing article is a stub. You can help Wikipedia by expanding it.

[:0-1] "Most Wi-Fi Devices Released Since 1997 Are Vulnerable to FragAttacks". PCMAG. Retrieved 2021-05-13.

[2] "Decades-Old 'Frag Attack' Flaws Affect Almost Every Wi-Fi Device". Wired. ISSN 1059-1028. Retrieved 2021-06-22.

[:1-3] "FragAttacks Foil 2 Decades of Wireless Security". Dark Reading. 2021-08-06. Retrieved 2021-12-25.{{cite web}}: CS1 maint: url-status (link)

[4] Vanhoef, Mathy (2021). "Fragment and Forge: Breaking {Wi-Fi} Through Frame Aggregation and Fragmentation": 161–178. ISBN 978-1-939133-24-3. {{cite journal}}: Cite journal requires |journal= (help)

[5] "Why We Need to Raise the Red Flag Against FragAttacks". Dark Reading. 2021-07-13. Retrieved 2021-12-25.{{cite web}}: CS1 maint: url-status (link)

[6] "Update Windows (and Lots of Other Stuff) ASAP: 'FragAttack' Bugs Found Lurking in Millions of Wifi Devices". Gizmodo. Retrieved 2021-06-22.

[1]

[2]

[3]

[4]

[5]

[6]

@@ Line 1: / Line 1: @@
-{{AFC submission|d|nn|u=RayScript|ns=118|decliner=Stuartyeates|declinets=20210725101923|ts=20210622172116}} <!-- Do not remove this line! -->
-{{AFC comment|1=Not really in in-depth coverage that's needed for these things. To be honest, unless it makes it to the mainstream media and/or gets widely exploited I'm not sure it's ever going to get the coverage. [[User:Stuartyeates|Stuartyeates]] ([[User talk:Stuartyeates|talk]]) 10:19, 25 July 2021 (UTC)}}
-{{AFC comment|1=Write who is Mathy Vanhoef with reliable source/reference. I think no need to wikilink to Mathy Vanhoef. [[User:AntanO|Ant<span style="color:red">a</span>n]][[User talk:AntanO|<b style="color:red">O</b>]] 02:56, 18 July 2021 (UTC)}}
-----
 {{Infobox bug|CVE={{CVE|2020-24588}},<br>
 {{CVE|2020-24587|link=no}},<br>
@@ Line 20: / Line 12: @@
 {{CVE|2020-26141|link=no}}|discoverer=Mathy Vanhoef}}
-'''FragAttacks''', or fragmentation and aggregation attacks, are a group of [[Wi-Fi]] vulnerabilities discovered by security research [[Mathy Vanhoef]].<ref name=":0" /> Since the vulnerabilities are design flaws in the Wi-Fi standard, any device released after 1997 could be vulnerable.<ref name=":0">{{Cite web|title=Most Wi-Fi Devices Released Since 1997 Are Vulnerable to FragAttacks|url=https://www.pcmag.com/news/most-wi-fi-devices-released-since-1997-are-vulnerable-to-fragattacks|access-date=2021-05-13|website=PCMAG|language=en}}</ref> The attack can be executed without special privileges.<ref>{{Cite news|title=Decades-Old 'Frag Attack' Flaws Affect Almost Every Wi-Fi Device|language=en-US|work=Wired|url=https://www.wired.com/story/frag-attack-wi-fi-vulnerabilities|access-date=2021-06-22|issn=1059-1028}}</ref> The attack was detailed on August 5, 2021 at [[Black Hat Briefings]] USA and at later at the [[USENIX]] 30th Security Symposium, where recordings are shared publicly.<ref name=":1">{{Cite web|date=2021-08-06|title=FragAttacks Foil 2 Decades of Wireless Security|url=https://www.darkreading.com/iot/fragattacks-foil-2-decades-of-wireless-security/d/d-id/1341595|url-status=live|access-date=2021-12-25|website=Dark Reading|language=en}}</ref><ref>{{Cite journal|last=Vanhoef|first=Mathy|date=2021|title=Fragment and Forge: Breaking {Wi-Fi} Through Frame Aggregation and Fragmentation|url=https://www.usenix.org/conference/usenixsecurity21/presentation/vanhoef|language=en|pages=161–178|isbn=978-1-939133-24-3}}</ref> The attack doesn't leave any trace in the network logs.<ref>{{Cite web|date=2021-07-13|title=Why We Need to Raise the Red Flag Against FragAttacks|url=https://www.darkreading.com/attacks-breaches/why-we-need-to-raise-the-red-flag-against-fragattacks/a/d-id/1341485|url-status=live|access-date=2021-12-25|website=Dark Reading|language=en}}</ref>
+'''FragAttacks''', or fragmentation and aggregation attacks, are a group of [[Wi-Fi]] vulnerabilities discovered by security research [[Mathy Vanhoef]].<ref name=":0" /> Since the vulnerabilities are design flaws in the Wi-Fi standard, any device released after 1997 could be vulnerable.<ref name=":0">{{Cite web|title=Most Wi-Fi Devices Released Since 1997 Are Vulnerable to FragAttacks|url=https://www.pcmag.com/news/most-wi-fi-devices-released-since-1997-are-vulnerable-to-fragattacks|access-date=2021-05-13|website=PCMAG|language=en}}</ref> The attack can be executed without special privileges.<ref>{{Cite news|title=Decades-Old 'Frag Attack' Flaws Affect Almost Every Wi-Fi Device|language=en-US|work=Wired|url=https://www.wired.com/story/frag-attack-wi-fi-vulnerabilities|access-date=2021-06-22|issn=1059-1028}}</ref> The attack was detailed on August 5, 2021 at [[Black Hat Briefings]] USA and at later at the [[USENIX]] 30th Security Symposium, where recordings are shared publicly.<ref name=":1">{{Cite web|date=2021-08-06|title=FragAttacks Foil 2 Decades of Wireless Security|url=https://www.darkreading.com/iot/fragattacks-foil-2-decades-of-wireless-security/d/d-id/1341595|url-status=live|access-date=2021-12-25|website=Dark Reading|language=en}}</ref><ref>{{Cite journal|last=Vanhoef|first=Mathy|date=2021|title=Fragment and Forge: Breaking {Wi-Fi} Through Frame Aggregation and Fragmentation|url=https://www.usenix.org/conference/usenixsecurity21/presentation/vanhoef|language=en|pages=161–178|isbn=978-1-939133-24-3}}</ref> The attack does not leave any trace in the network logs.<ref>{{Cite web|date=2021-07-13|title=Why We Need to Raise the Red Flag Against FragAttacks|url=https://www.darkreading.com/attacks-breaches/why-we-need-to-raise-the-red-flag-against-fragattacks/a/d-id/1341485|url-status=live|access-date=2021-12-25|website=Dark Reading|language=en}}</ref>
 == Patches ==

FragAttacks
CVE identifier(s)	CVE-2020-24588, CVE-2020-24587, CVE-2020-24586, CVE-2020-26145, CVE-2020-26144, CVE-2020-26140, CVE-2020-26143, CVE-2020-26139, CVE-2020-26146, CVE-2020-26147, CVE-2020-26142, CVE-2020-26141
Discoverer	Mathy Vanhoef