date 2023-05-21
from the more-holes-than-a-block-of-swiss-cheese dept.
Vulnerabilities in billions of Wi-Fi devices let hackers bypass firewalls:
One of the things that makes Wi-Fi work is its ability to break big chunks of data into smaller chunks and combine smaller chunks into bigger chunks, depending on the needs of the network at any given moment. These mundane network plumbing features, it turns out, have been harboring vulnerabilities that can be exploited to send users to malicious websites or exploit or tamper with network-connected devices, newly published research shows.
In all, researcher Mathy Vanhoef found a dozen vulnerabilities, either in the Wi-Fi specification or in the way the specification has been implemented in huge numbers of devices. Vanhoef has dubbed the vulnerabilities FragAttacks, short for fragmentation and aggregation attacks, because they all involve frame fragmentation or frame aggregation. Broadly speaking, they allow people within radio range to inject frames of their choice into networks protected by WPA-based encryption.
Assessing the impact of the vulnerabilities isn't straightforward. FragAttacks allow data to be injected into Wi-Fi traffic, but they don't make it possible to exfiltrate anything out. That means FragAttacks can't be used to read passwords or other sensitive information the way a previous Wi-Fi attack of Vanhoef, called Krack, did. But it turns out that the vulnerabilities—some that have been part of Wi-Fi since its release in 1997—can be exploited to inflict other kinds of damage, particularly if paired with other types of hacks.
"It's never good to have someone able to drop packets into your network or target your devices on the network," Mike Kershaw, a Wi-Fi security expert and developer of the open source Kismet wireless sniffer and IDS, wrote in an email. "In some regards, these are no worse than using an unencrypted access point at a coffee shop—someone can do the same to you there, trivially—but because they can happen on networks you'd otherwise think are secure and might have configured as a trusted network, it's certainly bad news."
He added: "Overall, I think they give someone who was already targeting an attack against an individual or company a foothold they wouldn't have had before, which is definitely impactful, but probably don't pose as huge a risk as drive-by attacks to the average person."
While the flaws were disclosed last week in an industry-wide effort nine months in the making, it remains unclear in many cases which devices were vulnerable to which vulnerabilities and which vulnerabilities, if any, have received security updates. It's almost a certainty that many Wi-Fi-enabled devices will never be fixed.
The linked article includes the gory details and a list of the applicable CVEs.
(Score: 2) by Frosty Piss on Sunday May 23, @05:21PM
In other news, scientists discover the Intertubes inherently dangerous, recommend nuking from space.
(Score: 0) by Anonymous Coward on Sunday May 23, @05:25PM
Some consumer firewalls to this day don't block traffic on port 0.
(Score: 0) by Anonymous Coward on Sunday May 23, @05:28PM
summary says: "they don't make it possible to exfiltrate anything out. That means FragAttacks can't be used to read passwords or other sensitive information"
actual page says: "three examples of how an adversary can abuse the vulnerabilities. First, the aggregation design flaw is abused to intercept sensitive information (e.g. the victim's username and password)"