Hey,
You might of heard about the latest WiFi security vulnerability called “FragAttacks” (Frame and aggregation attacks)
We have put this blog together to try and collate & consolidate all the information possible for you regarding this into one place. This blog will be updated with more information as we get it.
Detailed blog on Frag Attacks from Mathy Vanhoef – https://twitter.com/vanhoefm
A really good 6 minute demo video of how these can be exploited:
The Industry Consortium for Advancement of Security on the Internet (ICASI) announced the coordinated disclosure of a series of vulnerabilities related to the functionality of Wi-Fi devices: https://www.icasi.org/aggregation-fragmentation-attacks-against-wifi/
White paper on FragAttack:
https://papers.mathyvanhoef.com/usenix2021.pdf
Great blog (as always) from Jim Palmer:
Below are the security advisory notices from some of the vendors.
It is worth just noting here quickly that Mist have already released FW upgrade versions that fixes these vulnerabilities.
Mist / Juniper:
https://www.mist.com/documentation/mist-security-advisory-fragattacks-and-faq
Cisco Systems:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
HPE/Aruba Networks
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-011.txt
Microsoft:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-24587
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-24588
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-26144
Sierra Wireless:
Wi-Fi Alliance:
https://www.wi-fi.org/security-update-fragmentation
We will keep you all updated with any news as we hear it!
WiFi Ninjas
x
