Paper 2021/763

Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation

Mathy Vanhoef


In this paper, we present three design flaws in the 802.11 standard that underpins Wi-Fi. One design flaw is in the frame aggregation functionality, and another two are in the frame fragmentation functionality. These design flaws enable an adversary to forge encrypted frames in various ways, which in turn enables exfiltration of sensitive data. We also discovered common implementation flaws related to aggregation and fragmentation, which further worsen the impact of our attacks. Our results affect all protected Wi-Fi networks, ranging from WEP all the way to WPA3, meaning the discovered flaws have been part of Wi-Fi since its release in 1997. In our experiments, all devices were vulnerable to one or more of our attacks, confirming that all Wi-Fi devices are likely affected. Finally, we present a tool to test whether devices are affected by any of the vulnerabilities, and we discuss countermeasures to prevent our attacks.

Available format(s)
Publication info
Published elsewhere. USENIX Security'21
cryptographic protocolswifiwpa2wpa3802.11
Contact author(s)
mathy vanhoef @ nyu edu
2021-06-09: received
Short URL
Creative Commons Attribution


      author = {Mathy Vanhoef},
      title = {Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation},
      howpublished = {Cryptology ePrint Archive, Paper 2021/763},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.