FragAttacks: What they are and how to protect yourself
In case you hadn’t heard, the big news in computer security right now is FragAttacks. FragAttacks (Fragmentation and Aggregation Attacks) consist of 12 separate vulnerabilities revolving around how wireless devices split up and transmit data. Wired connections send each packet of data individually, but this process is too wasteful for wireless connections, which combine the tiny packets into a single larger packet. FragAttacks take advantage of this behavior and exploit the rules set down by Wi-Fi standards, as well as some common mistakes made by various vendors of wireless devices.
Some of these attacks are aimed at client devices like laptops and computers. Others are aimed at access points. So unfortunately this is one of those situations where everything is going to need an update to patch the flaws. Depending on the type of attack used, the hacker can change the DNS server a device uses (to one they control), exfiltrate data from the network, or even perform a full takeover (although this is an extremely complicated, multiphase attack that requires user interaction).
First, some good news:
- These attacks are technically challenging, making them difficult to pull off.
- These attacks require the attacker to be part of your network, either as a client device or a rogue access point.
- Overall this means FragAttacks are going to be rare and you needn’t be hugely worried about them.
That’s great! So what’s the bad news?
- Even though FragAttacks will be rare, you’re likely still vulnerable.
- Fixing the vulnerability means patching all wireless devices, including all access points and everything that connects to them (computers, laptops, printers, and mobile devices of all kinds).
Some vendors, like Microsoft, have already released some patches for these attacks, but many have not. Also, because many of the vulnerabilities revolve around improper implementation of the current wireless standards, figuring out whether you’re vulnerable isn’t straightforward. There is a testing tool available that can be used to test your networks, but it’s currently limited to running on two specific flavors of Unix with eight different wireless cards. Even if you want to test your equipment, you may not have the right hardware to do it with. The supported network cards are fairly common, but it’s still a potential hang-up that could get in the way.
Even though these attacks are complicated and shouldn’t be a cause for immediate anxiety, the fact remains that the number of wireless devices in the world is absolutely massive, creating a vast potential attack surface. With most devices being potentially vulnerable, a skilled and motivated attacker has an insanely large pool of potential targets. It seems likely that someone is going to try and make use of these attacks. It’s really only a question of who and when.
Since defending against these vulnerabilities ultimately requires the equipment to be patched, FragAttacks are just one more reason for organizations to make certain that they have an official policy regarding updates. You should be monitoring for any and all available patches on all of your equipment and software. If an update is available it should be prioritized for installation as part of an official update schedule. This process should be formalized so that your organization can hold itself accountable.
Hamlet actually has something useful to say in this situation: “Suit the action to the word, the word to the action.”
If you have any questions about FragAttacks, please reach out to your TRINUS Account Manager for some stress-free IT.
By Kind, Courtesy of Your Friendly Neighbourhood Cyber-Man.