A security researcher from Belgium has discovered multiple bugs that affect the WiFi standard used by all device manufacturers, and therefore, possibly affect every WiFi device developed using these standards. The researcher has named these multiple bugs as FragAttacks (fragmentation and aggregation attacks).
In addition, another chunk of vulnerabilities were discovered in the way Wi-Fi standards are implemented, called implementation flaws.
Besides, the design flaws are not being exploited in the wild, experts said.
Many ways to exploit bugs
Attackers can intercept device owners’ details by exploiting implementation flaws.
The implementation flaws (CVE-2020-26145 and CVE-2020-26144, among others) can be exploited by injecting frames into a protected WiFi network. In particular, an attacker can inject an unencrypted WiFi frame with a specially crafted frame.
These vulnerabilities are linked to the process where WiFi standard breaks and reassembles network packets, which could allow attackers to steal data by injecting malicious code during the operation.
Further, the flaws can be abused to compromise routers by bypassing the NAT or firewall, allowing the attackers to target vulnerable devices’ in the local WiFi network.
To prevent exploitation of these vulnerabilities, the researcher has suggested some general recommendations such as frequently updating IoT/smart devices, avoiding the reuse of passwords, and backing up important data. Moreover, users are recommended to manually configure the DNS server to stop poisoning attacks and make sure that the website uses HTTPS.