Paper 2021/763

Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation

Mathy Vanhoef

Abstract

In this paper, we present three design flaws in the 802.11 standard that underpins Wi-Fi. One design flaw is in the frame aggregation functionality, and another two are in the frame fragmentation functionality. These design flaws enable an adversary to forge encrypted frames in various ways, which in turn enables exfiltration of sensitive data. We also discovered common implementation flaws related to aggregation and fragmentation, which further worsen the impact of our attacks. Our results affect all protected Wi-Fi networks, ranging from WEP all the way to WPA3, meaning the discovered flaws have been part of Wi-Fi since its release in 1997. In our experiments, all devices were vulnerable to one or more of our attacks, confirming that all Wi-Fi devices are likely affected. Finally, we present a tool to test whether devices are affected by any of the vulnerabilities, and we discuss countermeasures to prevent our attacks.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. USENIX Security'21
Keywords
cryptographic protocolswifiwpa2wpa3802.11
Contact author(s)
mathy vanhoef @ nyu edu
History
2021-06-09: received
Short URL
https://ia.cr/2021/763
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2021/763,
      author = {Mathy Vanhoef},
      title = {Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/763},
      year = {2021},
      url = {https://eprint.iacr.org/2021/763}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.