就在最近，一位安全研究人员发现并报告了WiFi设备中称为FragAttacks的新漏洞。这些是利用WiFi^(WiFi)标准中的设计缺陷并影响大多数支持WiFi的设备的新型攻击。他之前发现了基本上影响WPA2协议的KRACK攻击。

什么是碎片攻击？

FragAttacks术语是由短语Fragmentation 和Ag gregation ^(Fr)Attacks创造的。这些是针对WiFi设备的安全威胁。在这些攻击中，攻击者主要针对其 WiFi 网络范围内的^{(within the range of its WiFi network)}设备并窃取受害者的敏感信息（例如密码）。这些攻击影响所有最近的WiFi安全协议，包括 WPA3 和 WPA2^{(including WPA3 and WPA2)}。家庭路由器、物联网^(IoT)、智能手机和许多其他设备都会受到此类攻击的影响。

阅读^(Read)：如何保护您的 WiFi 路由器^{(secure and protect your WiFi Router)}。

WiFi的设计缺陷

FragAttacks 利用了WiFi中的几个漏洞。它们可以通过多种方式进行，包括：

攻击者可能会将未加密的WiFi帧注入到安全的WiFi网络中。他们可以利用WiFi^(WiFi)标准中的第一个设计缺陷，即其聚合^{(aggregation)}功能。在这种情况下，框架中的“已聚合^{(is aggregated)}”标志未经过验证，并且可以轻松修改。因此^(Hence)，攻击者注入数据包并欺骗受害者将他重定向到他们的恶意服务器。

WiFi的第二个设计缺陷是其帧碎片化^{( frame fragmentation)}特性，被称为混合密钥攻击^{(mixed key attack)}。来自同一帧的片段使用相同的密钥加密，而接收者可以使用不同的密钥重新组合片段。攻击者可以使用它来窃取受害者的数据。

第三个设计缺陷同样与WiFi中的帧碎片功能有关，称为碎片缓存攻击^{(fragment cache attack)}。发生的情况是，当用户与网络断开连接时，WiFi设备不会从内存中删除未重组的片段。这可以通过将恶意片段注入接入点的内存来加以利用。现在，当用户连接到WiFi网络并传输碎片帧时，这些碎片将与攻击者注入的恶意碎片重新组合。

阅读^(Read)：如何检查您的路由器是否被黑客入侵^{(How to check if your Router is hacked)}。

Mathy Vanhoef 的 FragAttacks 演示：

如何保护您的WiFi免受FragAttacks 攻击^{(FragAttacks)}？

一些标准做法可以帮助您保护您的WiFi免受FragAttacks 攻击^{(FragAttacks)}。这些都是：

1. 升级您的设备
2. 安装安全更新
3. 使用加密
4. 使用 VPN
5. 设置自定义 DNS

1]升级您的设备

Mathy Vanhoef 在他的博客中说：

The biggest risk in practice is likely the ability to abuse the discovered flaws to attack devices in someone’s home network. For instance, many smart home and internet-of-things devices are rarely updated, and Wi-Fi security is the last line of defense that prevents someone from attacking these devices. Unfortunately, due to the discover vulnerabilities, this last line of defense can now be bypassed. In the demo above, this is illustrated by remotely controlling a smart power plug and by taking over an outdated Windows 7 machine.

因此，如果您使用的是旧版本的设备，则必须升级它们。例如，如果您仍在使用Windows 7/8，那么现在是升级到 Windows 10^{(upgrade to Windows 10)}以保护您的设备免受FragAttacks和其他新的安全攻击的最佳时机。

而且，如果您使用的是长期无法升级的旧路由器，则必须考虑更换路由器并购买新路由器。如果没有定期更新固件，只需更换您的设备。

阅读^(Read)：如何修复公共和家庭 Wi-Fi 网络漏洞。

2]安装安全更新

始终确保您已在设备上安装安全更新。安全^(Security)更新可帮助您保护您的设备免受任何新的漏洞和安全攻击。因此，请继续检查安全更新并在它们可用时立即安装它们。虽然，智能手机和其他现代设备会自动下载并安装安全更新。但是，还要手动检查以确保相同。

在Windows 10的情况下，您可以通过转到“Settings > Update和Security > Windows Update选项来安装安全更新和其他更新，并检查可用的更新，然后下载并将它们安装在您的 PC 上。

阅读^(Read)：Wi-Fi 安全提示^{(Wi-Fi Security Tips)}：在公共热点^{(Public Hotspots)}采取的预防措施。

3]使用加密

在线浏览时，请确保您位于具有HTTPS（安全超文本传输​​协议^{(Hypertext Transfer Protocol Secure)}）证书的安全网站上。不仅如此，随时随地使用加密。例如，使用提供端到端加密的安全应用程序在设备之间传输数据。请记住，当未加密的数据通过安全网络发送时，就会发生FragAttacks 。^{(Remember FragAttacks)}所以，加密是必须的。

4]使用VPN

考虑使用 VPN 服务^{(using a VPN service)}，因为它可以通过加密连接路由您的流量，从而为您提供针对FragAttacks的保护。^{(FragAttacks)}

5]设置自定义DNS

您还可以在路由器和其他设备中手动配置自定义DNS，以阻止将您重定向到恶意服务器的任何攻击。

FragAttacks是WiFi标准中的一组新漏洞，可将多个设备置于风险之中。您网络范围内的攻击者可以执行这些类型的攻击，他试图窃取您的数据。但是，一些基本的安全措施可以帮助您保护您的WiFi免受FragAttacks的攻击。

您可以通过访问 fragattacks.com 进一步了解FragAttacks。^{(fragattacks.com.)}

What are FragAttacks? How to secure your WiFi against FragAttacks?

Just about recently, a security researсher has discovered and reported new vulnerabilities in WiFi devices known as FragAttacks. These are new types of attacks that exploit design flaws in the WiFi standard and affect most WiFi-enabled devices. He has previously discovered the KRACK attack which basically affected WPA2 protocol.

What are FragAttacks?

FragAttacks term is coined with the phrase Fragmentation and Aggregation Attacks. These are security threats that target WiFi devices. In these attacks, the attacker basically targets a device that is within the range of its WiFi network and steals the victim’s sensitive information (e.g., password). These attacks impact all recent WiFi security protocols including WPA3 and WPA2. Home routers, IoT, smartphones, and many other devices are affected by these kinds of attacks.

Read: How to secure and protect your WiFi Router.

Design Flaws in WiFi

FragAttacks take advantage of several vulnerabilities in WiFi. They can be carried out in various ways including:

The attacker may inject an unencrypted WiFi frame into a secure WiFi network. They can use the first design flaw in the WiFi standard which is its aggregation feature. In this, the “is aggregated” flag in a frame is not validated and can easily be modified. Hence, the attacker injects the packet and tricks the victim into redirecting him to their malicious server.

The second design flaw in WiFi is its frame fragmentation feature and is known as a mixed key attack. The fragments from the same frame are encrypted with the same key, while the receiver can reassemble fragments with different keys. An attacker can use this to exfiltrate the victim’s data.

The third design flaw is again with the frame fragmentation feature in WiFi and is called fragment cache attack. What happens is that the WiFi device doesn’t eliminate non-reassembled fragments from memory when a user is disconnected from a network. This can be exploited by injecting a malicious fragment into the access point’s memory. Now, when a user connects to the WiFi network and transmits a fragmented frame, those fragments will be reassembled with the attacker’s injected malicious fragment.

Read: How to check if your Router is hacked.

FragAttacks Demo by Mathy Vanhoef:

How to secure your WiFi against FragAttacks?

Some standard practices can help you protect your WiFi from FragAttacks. These are:

1. Upgrade your device
2. Install Security Updates
3. Use Encryption
4. Use a VPN
5. Set up a Custom DNS

1] Upgrade your device

Mathy Vanhoef says in his blog:

The biggest risk in practice is likely the ability to abuse the discovered flaws to attack devices in someone’s home network. For instance, many smart home and internet-of-things devices are rarely updated, and Wi-Fi security is the last line of defense that prevents someone from attacking these devices. Unfortunately, due to the discover vulnerabilities, this last line of defense can now be bypassed. In the demo above, this is illustrated by remotely controlling a smart power plug and by taking over an outdated Windows 7 machine.

So, if you are using an older version of your devices, you must upgrade them. For example, if you are still using Windows 7/8, it’s the right time to upgrade to Windows 10 to protect your device against FragAttacks and other new security attacks.

And, if you are using an old router that has no upgrades available for a long, you must consider changing your router and getting a new one. Simply replace your device if there are no firmware updates regularly.

Read: How to fix Public and Home Wi-Fi Network vulnerabilities.

2] Install Security Updates

Always make sure that you have installed security updates on your device. Security updates help you protect your devices against any new vulnerability and security attacks. So, keep on checking for security updates and install them as soon as they are available. Although, smartphones and other modern devices automatically download and install security updates. But, also check manually to ensure the same.

In the case of Windows 10, you can install security and other updates by going to the Settings > Update & Security > Windows Update option and check for updates available and then download and install them on your PC.

Read: Wi-Fi Security Tips: Precautions To Take At Public Hotspots.

3] Use Encryption

When browsing online, ensure that you are on a secure website with an HTTPS (Hypertext Transfer Protocol Secure) certificate. Not just that, use encryption all the time and everywhere. For example, use a secure application that offers end-to-end encryption to transfer data between devices. Remember FragAttacks occur when unencrypted data is sent over a secure network. So, encryption is a must.

4] Use a VPN

Consider using a VPN service as it can provide you protection against FragAttacks by routing your traffic through an encrypted connection.

5] Set up a Custom DNS

You can also configure a custom DNS manually in your router and other devices to obstruct any attack that redirects you to a malicious server.

FragAttacks are a new collection of vulnerabilities in WiFi standard that puts multiple devices at risk. An attacker within the range of your network can carry out these types of attacks where he attempts to steal your data. However, some basic security practices can help you protect your WiFi against FragAttacks.

You can further educate yourself on FragAttacks by going to fragattacks.com.

Related posts

• 如何解决在Windows 10 WiFi问题

• 对你的健康和家庭WiFi安全吗？

• 如何设置WiFi Range Extender，Booster和Repeater

• 如何测量Windows 10中的WiFi信号强度

• 的Windows 10不连接到WiFi上启动

• 如何在Windows 10查看Wi-Fi Network Driver information

• 如何在Windows 10创建Wi-Fi Network Adapter Report

• Windows 11/10上的Fix No internet，Secured WiFi error [固定]

• Best Free WiFi Hotspot software为Windows 10 PC

• 如何在Windows 10上查找和连接到Hidden WiFi Networks

• 如何找到WiFi password在Windows 10

• 如何禁用WiFi使用CMD or Powershell在Windows 10

• 如何检查Windows笔记本电脑是否支持2.4或5 GHz WiFi

• Turn Windows PC通过Internet Connection分享到WiFi Hotspot

• 如何在Windows 10中生成WiFi History or WLAN Report

• Remove Action Needed prompt在连接到WiFi network

• 免费WiFi Password Revealer & Finder software用于Windows PC

• 如何重置GoPro Wi-Fi password

• WiFi Extender vs WiFi Repeater - Which one更好？

• 免费的公共WiFi热点危险