WatchGuard Blog

Wi-Fi vulnerabilities discovered that have existed since the beginning

In 2017, security researcher Mathy Vanhoef discovered several flaws in the WPA2 protocol used by most Wi-Fi networks today, which he called KRACK (Key Reinstallation Attack). Four years later, the spotlight is back on Vanhoef within the cybersecurity community thanks to another surprising discovery: several Wi-Fi vulnerabilities that have existed right from the start of these protocols.

Vanhoef has dubbed them FragAttacks, short for "Fragmentation and Aggregation Attacks." On his website he has grouped them into a dozen vulnerabilities, each with its own CVE ID. They do not all work the same way: three are design flaws in how the 802.11 standard itself handles frame aggregation and fragmentation (for example, the flag that marks a frame as aggregated is not covered by the frame's integrity check), and the rest are implementation flaws in particular products, such as accepting plaintext frames on an encrypted network or mishandling fragments, in one case even when the injected frame is disguised as a handshake (EAPOL) message. What is striking is that some of them affect even the old WEP protocol, which means they have been present since Wi-Fi security was first implemented in 1997.

Broadly speaking, he considers them a real risk: an attacker within radio range could exploit them to intercept sensitive information or redirect users to malicious websites or content, even on networks secured with up-to-date protocols such as WPA2 or WPA3. Vanhoef reported the flaws to the Wi-Fi Alliance (the industry consortium that certifies Wi-Fi products) so that they could be fixed before public disclosure. He states that, to his knowledge, these flaws have not been exploited in the wild so far. In a video he produced, he explains that some of them are complex to exploit while others are trivial to exploit.
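The aggregation design flaw mentioned above comes down to which header bits the CCMP integrity check actually covers. The following Python is an added example for this article, not code from the article, from WatchGuard or from Vanhoef. It builds the CCMP Additional Authentication Data (AAD) for a QoS Data frame following the 802.11 masking rules (subtype, Retry, Power Management, More Data and Order bits cleared, Protected bit forced on, sequence number cleared, QoS Control reduced to the TID) and shows that the "A-MSDU Present" bit is identical in the AAD whether it is set or not, unless both peers use the standard's optional SPP A-MSDU mode, which keeps that bit in the AAD. The MAC addresses, session key and payload are constructed test values, and the MIC is an HMAC stand-in for AES-CCM: the property shown (bits outside the AAD are not authenticated) does not depend on the MAC used. The example stops at the integrity check; it does not reassemble or inject anything.

```python
"""CCMP AAD construction for an 802.11 QoS Data frame, and why the A-MSDU flag
is not authenticated in legacy (non-SPP) mode. Added example, not from the page."""
import hashlib
import hmac
import struct

# Frame Control bits. In a data frame the subtype bits (4-6) and the Retry,
# Power Management, More Data and Order bits are masked to 0 in the AAD and the
# Protected Frame bit is forced to 1, so retransmissions keep the same AAD.
FC_SUBTYPE_MASK = 0x0070
FC_RETRY = 0x0800
FC_PWR_MGMT = 0x1000
FC_MORE_DATA = 0x2000
FC_PROTECTED = 0x4000
FC_ORDER = 0x8000
FC_AAD_CLEAR = FC_SUBTYPE_MASK | FC_RETRY | FC_PWR_MGMT | FC_MORE_DATA | FC_ORDER

# QoS Control: bits 0-3 carry the TID, bit 7 is "A-MSDU Present".
QC_TID_MASK = 0x000F
QC_AMSDU_PRESENT = 0x0080

FC_QOS_DATA = 0x0088   # Type=Data, Subtype=QoS Data, ToDS/FromDS both 0
SEQ_CTRL = 0x0010      # sequence number 1, fragment number 0

# Constructed sample addresses (locally administered, not real devices).
AP_MAC = bytes.fromhex("020000000001")
STA_MAC = bytes.fromhex("020000000002")
DST_MAC = bytes.fromhex("020000000003")


def build_aad(fc, a1, a2, a3, seq_ctrl, qos_ctrl, spp_amsdu):
    """Return the 24-byte AAD for a 3-address QoS Data MPDU header.

    spp_amsdu=True models both peers advertising SPP A-MSDU capability, in which
    case bit 7 of QoS Control stays in the AAD; otherwise it is masked to 0.
    """
    fc_aad = (fc & ~FC_AAD_CLEAR & 0xFFFF) | FC_PROTECTED
    sc_aad = seq_ctrl & 0x000F            # keep fragment number, drop sequence number
    qc_aad = qos_ctrl & QC_TID_MASK       # keep TID only ...
    if spp_amsdu:
        qc_aad |= qos_ctrl & QC_AMSDU_PRESENT   # ... plus the A-MSDU flag in SPP mode
    return (struct.pack("<H", fc_aad) + a1 + a2 + a3
            + struct.pack("<H", sc_aad) + struct.pack("<H", qc_aad))


def toy_mic(key, aad, payload):
    """Stand-in for the CCMP MIC. Real CCMP uses AES-CCM over (nonce, AAD,
    plaintext); any MAC over AAD+payload shows the same coverage property."""
    return hmac.new(key, aad + payload, hashlib.sha256).digest()[:8]


def amsdu_flag_authenticated(spp_amsdu):
    """True if setting A-MSDU Present changes the AAD, i.e. the receiver's
    integrity check would notice the flip."""
    base = build_aad(FC_QOS_DATA, AP_MAC, STA_MAC, DST_MAC, SEQ_CTRL, 0x0000, spp_amsdu)
    flipped = build_aad(FC_QOS_DATA, AP_MAC, STA_MAC, DST_MAC, SEQ_CTRL,
                        QC_AMSDU_PRESENT, spp_amsdu)
    return base != flipped


def flipped_flag_passes_mic(spp_amsdu):
    """Model the check end to end: the sender protects a normal (non-aggregated)
    QoS Data frame; an attacker sets A-MSDU Present in the unencrypted header;
    the receiver rebuilds the AAD from the header it received and verifies the
    MIC. Returns True if the tampered frame is accepted as authentic."""
    key = b"\x11" * 16                                    # constructed session key
    payload = b"\xaa\xaa\x03\x00\x00\x00\x08\x00" + b"constructed-ip-packet"  # LLC/SNAP + data
    sender_aad = build_aad(FC_QOS_DATA, AP_MAC, STA_MAC, DST_MAC, SEQ_CTRL, 0x0000, spp_amsdu)
    mic = toy_mic(key, sender_aad, payload)
    tampered_qc = QC_AMSDU_PRESENT                         # attacker flips bit 7 on the air
    receiver_aad = build_aad(FC_QOS_DATA, AP_MAC, STA_MAC, DST_MAC, SEQ_CTRL, tampered_qc, spp_amsdu)
    return hmac.compare_digest(mic, toy_mic(key, receiver_aad, payload))


if __name__ == "__main__":
    for spp in (False, True):
        mode = "SPP A-MSDU" if spp else "legacy"
        print(f"{mode:11s}: flag authenticated={amsdu_flag_authenticated(spp)}, "
              f"tampered frame accepted={flipped_flag_passes_mic(spp)}")
```

In legacy mode the tampered frame verifies, so a receiver that honours the flag will parse the decrypted payload as A-MSDU subframes, which is what lets an attacker smuggle a packet of their choosing into an otherwise authentic frame. SPP A-MSDU closes this gap only when both peers negotiate it; checking for that capability on clients and access points is part of verifying that a vendor's FragAttacks fix is actually in effect.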

Updates, HTTPS, DNS

The researcher recommends several measures, most of them already standard security practice, to reduce exposure to attacks over Wi-Fi networks:

  • Updating devices: Many router and access point manufacturers, for both home and business products, have already released firmware updates that cover these vulnerabilities, but it is worth checking that every device has actually been updated. Because the flaws affect clients as well as access points, this includes laptops, phones and IoT devices, which often lag behind.
  • Use HTTPS: Vanhoef cites another practice that should be the norm for everyone but unfortunately isn't: only visit HTTPS-encrypted websites, since the attacks let an attacker inject or read plaintext traffic but do not break TLS. For organizations, this means enforcing HTTPS (for example through HSTS on company sites) and blocking insecure HTTP except where it is specifically required.
  • DNS configuration: Several of the attacks work by injecting packets into the victim's traffic, such as forged DNS responses that redirect users to malicious sites, so Vanhoef recommends manually configuring devices to use a trusted DNS server that cannot be poisoned this way. He also notes that the attacks can be mitigated (but not completely prevented) by disabling dynamic fragmentation, particularly on Wi-Fi 6 (802.11ax) devices.

Against all threats 

The above measures should be commonplace in Wi-Fi security, but this isn't always the case. Moreover, given the increasing sophistication of threats, MSPs need comprehensive protection that goes further than these practices: WatchGuard's cloud-managed secure Wi-Fi solutions address this need by establishing a Trusted Wireless Environment (TWE) for the organization.

This includes the protection of a Wireless Intrusion Prevention System (WIPS): each WatchGuard access point (AP) can operate both as a conventional AP and as a WIPS security sensor, so it can also monitor and protect third-party access points in the same airspace. This coverage extends to all six categories of Wi-Fi threats:

  • Evil Twins 
  • Misconfigured Access Points  
  • Rogue AP  
  • Rogue Client  
  • Neighbor Access Point 
  • Ad-Hoc Networks  

This enables organizations to be better prepared for the exploitation of new and old Wi-Fi vulnerabilities, such as the flaws Vanhoef has uncovered over the years, and for all kinds of threats over wireless networks.