NOTICE FragAttack WiFi

We have been made aware by the Wifi Alliance about a new set of Wifi vulnerabilities, called “FragAttacks”. This is not a Wifi Manufacturer problem, but an issue for the whole industry concerning all devices that use the 802.11 Wi-Fi protocol.

IT Hospitality is closely following with the manufacturers to make sure that fixes will be shared as soon as possible to have all hardware updated.

Find below details and clarifications :  

Description 

On May 11, 2021, the Wi-Fi Alliance (WFA) revealed a new set of Wi-Fi vulnerabilities called the FragAttacks.  

This is a collection of 12 Common Vulnerabilities and Exposures (CVEs) as described in this paper by Mathy Vanhoef of New York University Abu Dhabi. This is the same researcher who previously discovered the KRACK and Dragonblood vulnerabilities. In FragAttacks, some attacks exploit both design flaws in the IEEE 802.11 Wi-Fi protocol (i.e. the design of the original protocol in the standard) and the implementation flaws (i.e. how vendors chose to implement the protocol), while the remaining attacks exploit only the implementation flaws.

Impact 

All devices that use the 802.11 Wi-Fi protocol are susceptible to the FragAttacks vulnerability. These vulnerabilities may be exploited by an attacker using a man-in-the-middle (MITM) attack to exfiltrate data from the network.   

All Wi-Fi Access Points (APs) and Wi-Fi client devices across our industry, including RUCKUS APs, are susceptible to the FragAttacks vulnerability.  

This vulnerability does NOT impact IT Hospitality WIFI networks.

We are actively engaged with all Wi-Fi Manufacturers to identify affected products and assess methods of remediation.   

Fixes 

IT Hospitality will download software fixes for this vulnerability from Wifi Manufacturers. Both Wi-Fi access points and the Wi-Fi client devices must be patched to fix the vulnerability. 802.11ax (Wi-Fi 6) and 802.11ac Wave 2 APs will be fixed first as a priority.

Legacy APs (802.11ac Wave 1 and earlier) will receive fixes once available. 

Resources 

  1. Central Resource center for all collateral related to FragAttacks – Central Resource Center
  2. Security Bulletin and Software patches  – support site