A belated memo on the FragAttacks vulnerabilities


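Apologies that this is news from more than a month ago, but here is a belated summary of the vulnerabilities known as "FragAttacks", which are said to affect nearly all Wi-Fi products.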

The discovered vulnerabilities affect all modern security protocols of Wi-Fi, including the latest WPA3 specification. Even the original security protocol of Wi-Fi, called WEP, is affected. This means that several of the newly discovered design flaws have been part of Wi-Fi since its release in 1997!

FragAttacks is a set of several vulnerabilities.

Those classed as design flaws:

  • CVE-2020-24588: aggregation attack (accepting non-SPP A-MSDU frames).
  • CVE-2020-24587: mixed key attack (reassembling fragments encrypted under different keys).
  • CVE-2020-24586: fragment cache attack (not clearing fragments from memory when (re)connecting to a network).

Those classed as implementation vulnerabilities:

  • CVE-2020-26145: Accepting plaintext broadcast fragments as full frames (in an encrypted network).
  • CVE-2020-26144: Accepting plaintext A-MSDU frames that start with an RFC1042 header with EtherType EAPOL (in an encrypted network).
  • CVE-2020-26140: Accepting plaintext data frames in a protected network.
  • CVE-2020-26143: Accepting fragmented plaintext data frames in a protected network.
  • CVE-2020-26139: Forwarding EAPOL frames even though the sender is not yet authenticated (should only affect APs).
  • CVE-2020-26146: Reassembling encrypted fragments with non-consecutive packet numbers.
  • CVE-2020-26147: Reassembling mixed encrypted/plaintext fragments.
  • CVE-2020-26142: Processing fragmented frames as full frames.
  • CVE-2020-26141: Not verifying the TKIP MIC of fragmented frames.

Of these, the design flaws are described as follows:

Fortunately, the design flaws are hard to abuse because doing so requires user interaction or is only possible when using uncommon network settings.

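So for the time being things should be fine. As for the implementation vulnerabilities, patches are probably already available for smartphones, PCs and the like, but for wireless LAN routers and similar devices you need to keep an eye on vendor information.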
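To make the fragment-related entries in the lists above concrete, here is an added example (not code from the FragAttacks authors or from any Wi-Fi driver) of the receiver-side checks those CVE descriptions imply. The `Fragment` fields, the `key_id` stand-in and the `Reassembler` class are assumptions of this simplified model, not real 802.11 structures.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Fragment:               # hypothetical, simplified view of one received fragment
    seq: int                  # sequence number shared by all fragments of a frame
    frag_no: int              # fragment index, starting at 0
    more: bool                # "more fragments" flag
    protected: bool           # True if the fragment arrived encrypted
    key_id: int               # stand-in for "which key decrypted this fragment"
    pn: int                   # packet number (replay counter)
    payload: bytes

class Reassembler:
    """Simplified model of defensive reassembly for a protected network."""
    def __init__(self):
        self.cache = {}       # seq -> fragments accepted so far

    def reset(self):
        # CVE-2020-24586: clear cached fragments on (re)connect
        self.cache.clear()

    def feed(self, f):
        """Return the reassembled payload, or None if incomplete or rejected."""
        if not f.protected:
            # CVE-2020-26140 / 26143 / 26147: no plaintext data in a protected network
            return None
        if f.frag_no == 0:
            parts = [f]       # a first fragment always starts a fresh frame
        else:
            parts = self.cache.pop(f.seq, None)  # re-stored only if still valid
            if not parts:
                return None
            prev = parts[-1]
            if (f.frag_no != prev.frag_no + 1
                    or f.pn != prev.pn + 1           # CVE-2020-26146
                    or f.key_id != prev.key_id):     # CVE-2020-24587
                return None
            parts.append(f)
        if f.more:
            self.cache[f.seq] = parts
            return None
        self.cache.pop(f.seq, None)
        return b"".join(p.payload for p in parts)

def demo():
    # Constructed sample: one frame in two fragments, PN 10 and 11, same key.
    r = Reassembler()
    r.feed(Fragment(7, 0, True, True, 1, 10, b"hello "))
    return r.feed(Fragment(7, 1, False, True, 1, 11, b"world"))
```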

Other bookmarks