WiFicalypse 2021

Dr. Mathy Vanhoef today published new FragAttacks (fragmentation and aggregation attacks) against WiFi devices on fragattacks.com. These attacks are based on design and implementation flaws, and it looks like all WiFi devices (clients and wireless access points) are affected by the vulnerabilities (hence the hashtag #wificalypse).

He wrote that using HTTPS in combination with HSTS prevents this type of attack. HSTS forces web browsers to always use HTTPS encryption. Security Headers can be used to check whether HSTS headers are set on the web server.
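What such an HSTS check has to decide, as an added example that is not part of the original post: it evaluates the Strict-Transport-Security header of a response according to RFC 6797 and makes no network requests. The function names, the verdict labels, the MIN_MAX_AGE threshold and the sample responses are assumptions made for illustration.

```python
import re

# directive = token [ "=" ( token | quoted-string ) ]  (simplified RFC 6797 grammar)
_DIRECTIVE = re.compile(r'([^\s=;"]+)(?:\s*=\s*(?:"([^"]*)"|([^\s;"]+)))?')
MIN_MAX_AGE = 15768000  # assumed policy threshold (~6 months); not an RFC value


def parse_hsts(value):
    """Parse one Strict-Transport-Security value; None means the header is invalid."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives are permitted
        m = _DIRECTIVE.fullmatch(part)
        if not m or m.group(1).lower() in seen:
            return None  # malformed, or a directive appears twice
        seen[m.group(1).lower()] = m.group(2) if m.group(2) is not None else m.group(3)
    age = seen.get("max-age")
    if age is None or not (age.isascii() and age.isdigit()):
        return None  # max-age is required and must be a number of seconds
    return {"max_age": int(age), "include_subdomains": "includesubdomains" in seen}


def evaluate_hsts(scheme, headers):
    """Return (verdict, policy) for one response, following RFC 6797 section 8.1."""
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not values:
        return "missing", None
    if scheme != "https":
        return "ignored-over-http", None  # browsers ignore HSTS sent over plain HTTP
    policy = parse_hsts(values[0])  # only the first header field is processed
    if policy is None:
        return "invalid", None
    if policy["max_age"] == 0:
        return "disabled", policy  # max-age=0 tells the browser to forget the host
    if policy["max_age"] < MIN_MAX_AGE:
        return "weak", policy
    return "ok", policy


if __name__ == "__main__":
    # Constructed sample responses (not captured from any real server).
    samples = [("https", [("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]),
               ("http", [("Strict-Transport-Security", "max-age=31536000")]),
               ("https", [("strict-transport-security", "max-age=0")]),
               ("https", [("Content-Type", "text/html")])]
    for scheme, headers in samples:
        print(scheme, headers, "->", evaluate_hsts(scheme, headers)[0])
```

A header that is present is not necessarily effective: one sent only on the plain-HTTP response, one with max-age=0, or a second header after a short-lived first one gives the browser no lasting HTTPS enforcement.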

The EFF (Electronic Frontier Foundation) also provides a web browser plug-in called HTTPS Everywhere, which rewrites HTTP requests into HTTPS requests.

FragAttacks on GitHub: vanhoefm / fragattacks

Update: Cisco Security Advisory

Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021