Table of Contents
Did you know there are new vulnerabilities of Wi-Fi and the data obtains from it? Even after advanced improvements in network connection, due to design flaws in them, there is the emergence of frag attack. You can worry less because computer support NYC is dealing with it and providing safety to its clients.
Since 1997, these scams were there during technology outspread. But no one knows about them. So many companies are trying their best to protect their essential products. This post will explain everything.
What is a frag attack?
It is also known as Fragmentation and Aggregation. So what they do is attract impending traffic and lead them towards the unsecured networks. Then it copies the servers and inserts handshake messages. These are in real plaintext frames.
The main aim behind it is to trick your devices that have a network connection. This happens due to programming mistakes and defects in internet connections, doesn’t matter what protection you have put on.
The black hats then add a malicious DNS server into packets data. This gives them access to your most valuable information like passwords and IDs.
So the device with those malicious viruses when visiting any of such site again, the cybercriminals makes holes and keystrokes accessing the IP addresses and your location.
Effects on Routers and access points
It was hidden for past decades until in 2017; a person Mathy Vanhoef unleashed these spasms and “KRACK”.
In simple words, any device that can connect to a potential internet connection isn’t safe. Now the older ones that haven’t updated lately are more prone to such attacks.
The new ones have the same chances to get around. But there is advanced updating that contains patches. These patches in hardware prevent access points to use illegally.
As the businesses hire network security services that manage such issues. The only thing you can do is to keep a check on the routers and firmware, create strong passwords, and don’t click on websites without HTTP.
Read the protocol and search for these updates against frag attack.
Design flaws
CVE-2020-24588: Requirement of authentication of A-MSDU flag in plaintext QoS header file.
CVE-2020-24587: Requirement of encryption of all fragments of frames under the same key.
CVE-2020-24586: Requirement of clearance from the memory of received fragments after reconnecting to a system.
Implementation flaws
CVE-2020-26145: Acceptance of second broadcast fragments and its process when the plaintext is full unregimented frames.
CVE-2020-26144: Acceptance of plaintext A-MSDU frames until the correspondence of first 8 bytes to valid RFC1042 header.
CVE-2020-26140: Acceptance of plaintext frames in the form of a secured WIFI network.
CVE-2020-26143: Acceptance of fragmented plaintext frames in the form of protected internet connection.
Other implementation flaws
CVE-2020-26146: Forwarding EAPOL frames to clients when the sender has not authenticated from AP.
CVE-2020-26147: Reassembling non-consecutive packet numbers with fragments.
CVE-2020-26142: Reassembling fragments when any of them is in plaintext.
CVE-2020-26141: Treatment of full frames as fragment frames.
How IT Services New York is handling it?
Going through all of these web vulnerabilities, now the whole technology industry is looking towards the updates of manufacturers to give those patches. After the release of Vanhoef discovery of these spasms, vendors are trying their best on them.
Computer support NYC is working with the manufacturers and vendors to ensure the application of the security patches when released. So windows covered by them have existed patches require for security and removing any access points. If you haven’t protected your device management, book your appointment today to prevent any future malicious attacks and weak access points.