WLAN vulnerability “Fragattacks” – LANCOM provides patches

Introduction

FragAttacks (fragmentation and aggregation attacks) is a collection of new security vulnerabilities that affect Wi-Fi devices. An adversary that is within radio range of a victim can abuse these vulnerabilities to steal user information or attack devices.

Three of the discovered vulnerabilities are design flaws in the Wi-Fi standard and therefore affect most devices. On top of this, several other vulnerabilities were discovered that are caused by widespread programming mistakes in Wi-Fi products. Experiments indicate that every Wi-Fi product is affected by at least one vulnerability and that most products are affected by several vulnerabilities.

The discovered vulnerabilities affect all modern security protocols of Wi-Fi, including the latest WPA3 specification. Even the original security protocol of Wi-Fi, called WEP, is affected. This means that several of the newly discovered design flaws have been part of Wi-Fi since its release in 1997! Fortunately, the design flaws are hard to abuse because doing so requires user interaction or is only possible when using uncommon network settings. As a result, in practice the biggest concern is the programming mistakes in Wi-Fi products, since several of them are trivial to exploit.

Fragattacks and LANCOM

These vulnerabilities have been fixed in LANCOM WLAN products that are operated with LCOS as of LCOS 10.42. A corresponding security patch has also been released for the older LCOS versions below:

For LANCOM access points of the type LW-500, the vulnerabilities have been fixed as of LCOS LX 5.30 RU2. For the Wi-Fi 6-capable LANCOM access points of the type LW-600 and LX-6400/6402, the security patch is available as of firmware version 5.30 SU3.

LANCOM Systems recommends updating to the firmware versions mentioned, which can be downloaded free of charge from the LANCOM website. In the LANCOM Management Cloud, all patches are available now. If you use the LANconfig auto-updater, it may take some time before the updates become available. For older products that no longer receive this security patch, we recommend migrating to new WLAN technologies in the medium term.

For more information on Fragattacks please see the website related to the discovery below.

https://www.fragattacks.com/

About the author

Gavin Tobin administrator
