Frag Attacks

Discovered and named by Mathy Vanhoef (New York University Abu Dhabi) on May 11, 2021, the FragAttacks (fragmentation and aggregation attacks) are a group of a dozen vulnerabilities that affect not only the WEP protocol but also recent protocols such as WPA3. The vulnerabilities lie mainly in the exchanges that add or modify information in frames, so every terminal connected to the network is potentially vulnerable.

According to Mathy Vanhoef’s research, three of the vulnerabilities are design flaws in the 802.11 standard. The researcher also states that these vulnerabilities are complex to exploit. However, he draws attention to the implementation flaws in Wi-Fi stacks at the terminal level, because these can be exposed directly.

I will briefly present below the 3 design flaws of the 802.11 standard; for more detail, I invite you to read the detailed information published by Mathy Vanhoef.

1- Aggregation Attack (CVE-2020-24588)

The first design weakness is located in the 802.11 header, more specifically in the “is aggregated” flag, which is neither authenticated nor encrypted when the frame is transmitted. An attacker can therefore modify this field and thereby inject packets. One example of such an attack is to make a client use a malicious DNS server. After extensive testing by Mathy Vanhoef, all the devices tested were found to be vulnerable to this attack.

2- Mixed Key Attack (CVE-2020-24587)

The second design weakness in Wi-Fi lies in the frame fragmentation function. In principle this feature improves the reliability of the connection by dividing large frames into small fragments, and the same key is used to encrypt every fragment of a given frame. However, receivers are not obliged to check the keys and may reassemble fragments that were decrypted with different keys. Although the situations that allow it are rare, this flaw can still be exploited to exfiltrate data. To do so, fragments encrypted with different keys must be mixed.

It must be said that this design flaw can be corrected in a backwards-compatible way by only reassembling fragments that were decrypted with the same key. Since this attack is relatively rare, it is classified as a “theoretical attack”.

3- Fragment Cache Attack (CVE-2020-24586)

The third design weakness of Wi-Fi, like the second, lies in the frame fragmentation function. The problem is that when a user disconnects from the network, the Wi-Fi device does not necessarily delete the fragments that remain unreassembled in its memory. This can be abused, especially in hotspot networks: the design flaw allows data exfiltration by injecting a malicious fragment into the “fragment cache”. When the victim then sends a fragmented frame after connecting to the access point, its fragments are combined with those injected by the adversary. This design flaw can be corrected in a backwards-compatible way by deleting the cached fragments whenever a station (re)connects to or disconnects from a network.

4- Some other cases

Another vulnerability worth noting was observed on some routers that forward EAPOL frames to another client before the sender has even authenticated. Through this vulnerability, aggregation attacks can be performed by injecting arbitrary frames without any user interaction. The other very common implementation flaw concerns receivers that do not check that all fragments belong to the same frame; this flaw allows a new frame to be formed by mixing two different frames. Some devices do not support aggregation or fragmentation but are still vulnerable, since they treat fragmented frames as complete frames. This flaw can possibly be used to inject packets.
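As an added example (not code from the article or from Mathy Vanhoef’s research), the receiver-side mitigations described above for the mixed key attack, the fragment cache attack and the mixed-frame implementation flaw can be combined in one hardened reassembler: fragments are only combined when they share the sender, the sequence number and the decryption key, and partial frames are discarded when a station connects or disconnects. The Fragment fields and the key_id value are simplified assumptions; a real driver tracks the key by its key index and packet number.

```python
from dataclasses import dataclass, field


@dataclass
class Fragment:
    sender: str       # transmitter MAC of the station
    seq: int          # sequence number shared by all fragments of one frame
    frag_no: int      # fragment number, starting at 0
    more_frags: bool  # "More Fragments" bit of the Frame Control field
    key_id: int       # assumed field: identifies the key the fragment was decrypted with
    payload: bytes


@dataclass
class Reassembler:
    cache: dict = field(default_factory=dict)  # sender -> (seq, key_id, payloads)
    dropped: int = 0

    def on_disconnect(self, sender: str) -> None:
        # fragment cache attack mitigation: forget partial frames on (re)connect/disconnect
        self.cache.pop(sender, None)

    def receive(self, frag: Fragment):
        """Return the reassembled frame when complete, otherwise None."""
        if frag.frag_no == 0:
            entry = (frag.seq, frag.key_id, [])  # new frame replaces any stale one
        else:
            entry = self.cache.get(frag.sender)
            if (entry is None or entry[0] != frag.seq
                    or entry[1] != frag.key_id or len(entry[2]) != frag.frag_no):
                # no first fragment, another frame (seq), another key (mixed key) or a gap
                self.cache.pop(frag.sender, None)
                self.dropped += 1
                return None
        entry[2].append(frag.payload)
        if frag.more_frags:
            self.cache[frag.sender] = entry
            return None
        self.cache.pop(frag.sender, None)
        return b"".join(entry[2])


def demo() -> dict:
    r = Reassembler()  # constructed scenarios below, not captured traffic
    r.receive(Fragment("sta1", 7, 0, True, 1, b"hello "))
    ok = r.receive(Fragment("sta1", 7, 1, False, 1, b"world"))    # same key: ok
    r.receive(Fragment("sta1", 8, 0, True, 1, b"secret "))
    mixed = r.receive(Fragment("sta1", 8, 1, False, 2, b"data"))  # rekeyed: dropped
    r.receive(Fragment("sta2", 3, 0, True, 1, b"stale "))
    r.on_disconnect("sta2")                                        # cache flushed
    stale = r.receive(Fragment("sta2", 3, 1, False, 1, b"tail"))  # no start: dropped
    return {"ok": ok, "mixed": mixed, "stale": stale, "dropped": r.dropped}
```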

More details to follow

To go further :

https://www.fragattacks.com/

WPA3 Overview

Published by the Wi-Fi Alliance in 2018, the WPA3 protocol is an updated version of the WPA2 protocol released in 2004. This update provides better security for exchanges and also keeps pace with the evolution of usage (proliferation of hotspots, IoT, …).

Despite the progress in security that WPA3 represents, there are some known vulnerabilities, for example online dictionary attacks, which can be blocked with an IDS/IPS, or some of the Frag Attacks vulnerabilities.

The initial version of WPA3 included the various features presented below; however, the final version only requires SAE. Implementation of the other features is left to the free choice of the manufacturers. DPP has its own certification.

OWE (Opportunistic Wireless Encryption)

Until the introduction of WPA3, public Wi-Fi networks were usually configured in open mode and therefore had no password. Good practice is to set up a captive portal to force people to authenticate. The fact that such a network is not protected exposes users to two major risks: passive eavesdropping and man-in-the-middle attacks.

With OWE, the possibility of passive eavesdropping on traffic can be ruled out. OWE describes a method for clients and access points to establish an encrypted session based on a Diffie-Hellman key exchange. The session keys are unique, and the whole process is transparent to the user.

DPP Device Provisioning Protocol / Easy Connect™

The DPP protocol is being implemented to address the security weaknesses of WPS (Wi-Fi Protected Setup) and to facilitate the deployment of IoT objects. Unlike its predecessor, DPP allows devices to be authenticated on the network without passwords, using QR codes or NFC tags.

This feature is not mandatory to obtain WPA3 certification from the Wi-Fi Alliance; it is part of the Wi-Fi CERTIFIED Easy Connect program.

Protected Management Frames

One of the classic attack vectors against WPA2-Personal is the capture of the authentication exchange, which can later be used for an offline dictionary attack to break the PSK. To obtain it, the attacker can send deauthentication frames to force the client to initiate a new connection and thus generate the frames the attacker wants.

Protection of management frames is not a new feature of WPA3; it existed in previous versions, but it has been further developed.

Simultaneous Authentication of Equals (SAE)

To overcome the above-mentioned attack, which consists in capturing the handshake and then breaking it offline with a dictionary, WPA3 uses a new key negotiation mechanism based on the Dragonfly exchange. During the negotiation the keys are never sent, which eliminates the threat of an attacker capturing the 4-way handshake and then performing an offline attack. This key exchange mechanism was already implemented for 802.11s mesh networks.

Contribution of elliptic curves

One of the first changes in WPA3 compared to WPA2 concerns key generation. WPA3 introduces the use of elliptic curves in Diffie-Hellman exchanges (ECDH) to reduce the size of the keys and therefore the resources needed for encryption. For example, for 128-bit AES encryption the public key is 3072 bits with the Modular Exponential (MODP) groups, against 256 bits with ECDH.

To go further :

WPA3, OWE and DPP | Hemant Chaskar | WLPC Phoenix 2019 | Wireless LAN Professionals

802.11 retries: Explanation of the most common causes and corrections

Frame retransmissions occur when frames must be resent by a client or access point because of an error. Monitoring the retransmission rate allows possible configuration or interference problems to be detected, but no single threshold for proper operation can be given. The maximum acceptable rate depends on the services used: real-time applications or VoIP require a much lower retransmission rate (<10%) than file transfer or web browsing, for example. In the rest of this article we explain what a high retransmission rate implies and why it can become problematic, and then look at the most common causes of retransmissions.

When a unicast frame is not acknowledged by the receiver, it is retransmitted by the sender. This can be due to two factors: either the frame was never received, or its CRC is invalid, which indicates that the frame was corrupted; in both cases the receiver does not transmit an acknowledgement frame. This applies in the direction from the client to the access point and vice versa. A transmission failure has two impacts on the retransmission:

  • The transmission rate (or MCS) used by the station is lowered in order to cope more easily with a low SNR
  • The contention window is doubled at each attempt so that a possible collision is detected more easily

These actions cost time: not only the time taken by the retransmissions of the packet, but also the fact that the packet is then sent more slowly, with a greater delay.
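An added monitoring example, not part of the original article: it parses constructed 802.11 data-frame headers, computes the per-station retry rate from the Retry flag of the Frame Control field, compares it against a per-service limit (the <10% figure for VoIP is from the article; the other limits are assumed values), and shows how the DCF contention window doubles after each failed attempt (the CWmin 15 / CWmax 1023 bounds are assumed common defaults).

```python
from collections import defaultdict

RETRY_FLAG = 0x08          # Retry bit in the flags byte (2nd byte) of Frame Control
CW_MIN, CW_MAX = 15, 1023  # assumed DCF contention window bounds, in slots
# maximum acceptable retry rate per service: VoIP/real time from the article,
# the other two are assumed values for the example
RETRY_LIMITS = {"voip": 0.10, "web": 0.25, "file_transfer": 0.35}


def build_data_frame(src: str, retry: bool) -> bytes:
    """Constructed minimal 802.11 data frame header (24 bytes): Frame Control,
    Duration, addr1 (receiver), addr2 (transmitter), addr3, Sequence Control."""
    fc = bytes([0x08, RETRY_FLAG if retry else 0])  # type = Data, subtype = 0
    addr2 = bytes.fromhex(src.replace(":", ""))
    return fc + b"\x00\x00" + b"\xff" * 6 + addr2 + b"\x00" * 6 + b"\x00\x00"


def retry_rate_by_station(frames) -> dict:
    """Fraction of frames per transmitter address that carry the Retry flag."""
    sent, retried = defaultdict(int), defaultdict(int)
    for f in frames:
        if len(f) < 24 or ((f[0] >> 2) & 0x3) != 2:
            continue  # skip truncated headers and non-data frames
        ta = ":".join(f"{b:02x}" for b in f[10:16])
        sent[ta] += 1
        if f[1] & RETRY_FLAG:
            retried[ta] += 1
    return {ta: retried[ta] / sent[ta] for ta in sent}


def over_limit(rates: dict, service: str) -> dict:
    """Stations whose retry rate is not below the limit for the given service."""
    return {ta: r for ta, r in rates.items() if r >= RETRY_LIMITS[service]}


def contention_window(failures: int) -> int:
    """CW after n consecutive failures: doubles from CW_MIN, capped at CW_MAX."""
    return min((CW_MIN + 1) * 2 ** failures - 1, CW_MAX)


def demo():
    # constructed capture: station 1 retries 1 frame in 20, station 2 retries 3 in 10
    frames = [build_data_frame("02:00:00:00:00:01", r) for r in [False] * 19 + [True]]
    frames += [build_data_frame("02:00:00:00:00:02", r) for r in [False] * 7 + [True] * 3]
    rates = retry_rate_by_station(frames)
    return rates, over_limit(rates, "voip"), over_limit(rates, "file_transfer")
```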

Here are 3 of the most common reasons for retransmissions:

Interference

Cause:

  • Non-802.11 interference
  • Co-channel interference

Identification:

  • Spectral analysis
  • Wi-Fi passive survey

Resolution:

  • Identification of interference sources
  • Use of 5GHz or 6GHz (less interference and more available channels)

Weak signal

Cause:

  • Weak signal (area not covered)
  • Roaming problem / Sticky client
  • Incorrect configuration of transmission powers

Identification:

  • Wi-Fi survey (active or passive)
  • Analysis of packet exchanges
  • Audit of configuration and connection logs

Resolution:

  • Activation of lower transmission speeds
  • Re-adjustment of the configuration of the access points and equipment
  • Enable 802.11k and 802.11r functionality to facilitate client roaming

Collisions

Cause:

  • Hidden nodes
  • Too many devices on one access point

Identification:

  • Airtime analysis

Resolution:

  • Perform a redesign of the access point implementation and capacity

The retransmission rate matters more in a wireless network than in a wired network because of the transmission medium. The air is a medium shared between clients, but also with other equipment using other modes of communication or using the same frequencies for other purposes. This cohabitation makes configuring our equipment particularly difficult and requires both a good knowledge and understanding of the RF environment and regular monitoring of this indicator, in addition to regular audits, to anticipate possible incidents or disturbances.