ANSECURITY RESPONSE TO THE ‘FRAGATTACKS’ AS REPORTED BY THE WI-FI ALLIANCE

On 11th May 2021, Wi-Fi Alliance® shared that security researchers identified new vulnerabilities in Wi-Fi devices. The vulnerability is called FragAttacks and it is a so-called Man-In-The-Middle (MITM) vulnerability that relates to the way network traffic is sent between Wi-Fi access points and user and IoT devices.

It’s important to note that there is presently no evidence of the vulnerabilities being used against Wi-Fi users maliciously and these issues are mitigated through routine device updates once updated firmware becomes available.

Below, we have given our official response to FragAttacks and also our Wi-Fi partner Ruckus (Commscope)’s official response. If you are with a different Wi-Fi vendor then remediation is likely to be similar. However, please do check with them and their support page on their recommendations on how to remediate.

If you have any questions on anything included in this email or on the vulnerability itself, we are more than happy to help. There are two ways of contacting us:

  1. Contact us on 0845 226 0462 or enquiries@ansecurity.com
  2. Contact your account manager if you’re an existing customer

FragAttacks and the Wi-Fi Alliance

Following a responsible disclosure and coordinated response the Wi-Fi Alliance has reported a series of vulnerabilities which if successfully exploited can result in a ‘Man-in-the-Middle’ attack when using an unpatched device and unpatched wireless network.

This vulnerability is using the reporting name ‘FragAttacks’ and affects almost all Wi-Fi devices (clients and access points) as the flaws which allow exploit exist in both the Wi-Fi protocol as well as the vendors implementation. At this time there is no evidence of malicious use of these vulnerabilities and exploitation requires close proximity to the target and a series of complex actions by the threat actor (some of which requires exploitation of social engineering against the target).

Ruckus (Commscope) response

Ruckus has committed to patching the releases of SmartZone, Cloud, ZoneDirector, Unleased detailed at this link: https://support.ruckuswireless.com/fragattacks-ruckus-technical-support-response-center. Patches for newer software versions are being released first and given the high degree of complexity required to exploit these vulnerabilities we advise our customers to deploy these patches as part of their regular maintenance schedule.

Complete protection

To provide complete protection against this vulnerability the client side (Laptops/Phones/Tablets/IoT devices) will also require patching typically through device driver updates or firmware updates. Organisations should deploy these patches as part of their regular maintenance schedule.

Alternative mitigations

Ruckus has identified additional mitigations (prior to the release and deploy of patches) at this link: https://www.commscope.com/fragattacks-commscope-ruckus-resource-center/faqs.

Further reading

  1. Wi-Fi alliance announcement: https://www.wi-fi.org/security-update-fragmentation
  2. Commscope announcement: https://www.commscope.com/blog/2021/wi-fi-alliance-discloses-fragattacks/
  3. Commscope FragAttacks resource centre: https://www.commscope.com/fragattacks-commscope-ruckus-resource-center
  4. Ruckus FragAttacks resource centre: https://support.ruckuswireless.com/fragattacks-ruckus-technical-support-response-center
  5. Academic paper detailing the vulnerability: https://papers.mathyvanhoef.com/usenix2021.pdf

 

Image by Freepik


LET’S TALK ABOUT  YOUR CYBER SECURITY