A well-known Belgian security researcher, Mathy Vanhoef, who specialises in WiFi security, has discovered a series of flaws that affect all WiFi devices and in particular all WiFi routers out there. Due to the nature of these vulnerabilities, he has christened them FragAttacks, short for fragmentation and aggregation attacks.
Routers: the worker bees of the internet
They are hardly ever in plain sight, but routers drive the internet by dutifully passing data from one point to another. On the front line, you have your WiFi routers that interface with the final devices in your home. Often they too are hidden from plain view, in ceilings, cupboards and basements.
They say when something is out of sight it is easy to forget it. The same applies to routers. Even though they are important devices, they are often forgotten, and this often makes them the Achilles heel of your network. Research after research has shown the great lapses in router security.
Here is what I have observed about routers in Zimbabwe:
- Most of them are cheap low-end devices
- Often the ISP technicians who install your internet leave the default password in place
- A lot of them have a universal ISP-wide password
- A good number of them are nearing the end of life when they are finally installed at your premises and for this reason, a lot of people out there are using routers that are no longer getting updates.
- ISPs never bother to update the firmware of routers they supply. I am looking at you, ZOL!
- Some of them come with custom firmware that cannot be updated
- They come with a basic flimsy little firewall that is sometimes not even turned on
This makes the newly discovered vulnerabilities especially dangerous for Zimbabweans as I will explain below.
How the attack works
According to Vanhoef, the vulnerabilities in routers stem from two things:
- Errors made in the WiFi protocol itself, which mean that every router made from 1997 to the latest shiny WiFi 6 WPA3 devices is affected.
- Several mistakes made in coding WiFi firmware, which are so widespread that almost every known device in use has at least one such mistake.
I will be honest: that’s about the only thing I understood about the vulnerabilities and how they work. Vanhoef has set up a dedicated website and there is the video above showing the attack in action.
How bad is it?
As I have already hinted above, this is not a single vulnerability. Rather, FragAttacks refers to a class of vulnerabilities, so the severity will depend on the exact flaws that your device has. The first-mentioned errors, the mistakes in the WiFi protocol itself, are really not a big deal as they would require you to act foolishly and allow the attacker in.
The severity of the other vulnerabilities really depends on the router you are running and the specific mistakes that were made. If you are feeling adventurous, you can actually do a little bit of penetration testing on your own routers. Vanhoef has put some code on GitHub. You will need to be running Ubuntu 20.04 or Kali Linux (I keep telling you Ubuntu is powerful).
How to protect yourself
Now, this is where Zimbabwean WiFi routers are particularly a problem. Remember what I said about most of them having reached their end of life? It means there is really nothing you can do to fix your router. The same applies to ISP-locked routers. There is no joy there.
Your best bet would be protecting yourself at the computer level. Thankfully, Microsoft has already released a patch for its systems. You need to make sure that you have the latest software updates for Windows. I know how much people hate the disruptions that these updates cause when you have to wait for them to install, but it’s for your own good.
Linux already has a patch but it hasn’t yet filtered down to most distros. Talking of Linux, you can actually install OpenWrt, a version of Linux, on your old device that is no longer receiving firmware updates. That way you can remove the vulnerability from the router itself.