Mathy Vanhoef
whiz.se
Description: We present three security design flaws in Wi-Fi and widepread implementation flaws. These can be abused to exfiltrate user data and attack local devices.
design (75795) wifi (3862) wi-fi (798) implementation (436) aggregation (269) vulnerability (176) fragmentation (17) wpa2 (4) fragattacks (1)
11 May 2021 — This website presents FragAttacks ( fr agmentation and ag gregation attacks ) which is a collection of new security vulnerabilities that affect Wi-Fi devices. An adversary that is within range of a victim's Wi-Fi network can abuse these vulnerabilities to steal user information or attack devices. Three of the discovered vulnerabilities are design flaws in the Wi-Fi standard and therefore affect most devices. On top of this, several other vulnerabilities were discovered that are caused by wides
The discovered vulnerabilities affect all modern security protocols of Wi-Fi, including the latest WPA3 specification. Even the original security protocol of Wi-Fi, called WEP, is affected. This means that several of the newly discovered design flaws have been part of Wi-Fi since its release in 1997! Fortunately, the design flaws are hard to abuse because doing so requires user interaction or is only possible when using uncommon network settings. As a result, in practice the biggest concern are the programm
The discovery of these vulnerabilities comes as a surprise, because the security of Wi-Fi has in fact significantly improved over the past years. For instance, previously we discovered the KRACK attacks , the defenses against KRACK were proven secure , and the latest WPA3 security specification has improved . Unfortunately, a feature that could have prevented one of the newly discovered design flaws was not adopted in practice, and the other two design flaws are present in a feature of Wi-Fi that was previo
Mathy Vanhoef
whiz.se