Security researcher Mathy Vanhoef – who previously found the Krack and DragonBlood Wi-Fi attacks – has just revealed a dozen flaws affecting nearly all Wi-Fi networks, including those using WPA3 encryption. Grouped under the name “Frag Attacks”, they allow sensitive data to be intercepted or equipment within a Wi-Fi network to be attacked directly, as can be seen in a demonstration video.
Three of these flaws are linked to design errors in the Wi-Fi standard. One of these flaws (CVE-2020-24588) had been discovered in the meantime, but it was not considered very serious at that time. It is true that these design errors are quite difficult to exploit, since a hacker can only take advantage of them under certain technical conditions and they require interaction with the user.
The other nine flaws are related to implementation errors. They are much easier to exploit and in particular allow the injection of unencrypted Wi-Fi frames into the traffic. A hacker could thus redirect a user’s browsing to a fake site by way of a malicious DNS server. This injection would also make it possible to bypass a router’s firewall, directly access a machine on the local network and execute malicious code.
For the more technically minded among you, Mathy Vanhoef has made a tool available on GitHub to test whether your equipment is vulnerable. This disclosure was made in agreement with the providers of Wi-Fi solutions, which is why a large number of them are already offering security patches. A list is available on The Verge website. Using VPN and/or HTTPS connections also helps protect against a number of these attacks.
Sources: Fragattacks.com, The Verge