FragAttacks

brenard
Posts: 2
Joined: Mon May 17, 2021 6:54 pm

FragAttacks

Postby brenard » Mon May 17, 2021 6:58 pm

Hello,

I would like to know is ESP8266 (and derivated devices) is concerned by FragAttacks (https://www.fragattacks.com/) vulnerability? If so, is there any work in progress on these topics?

Thank you

Benjamin

axellin
Posts: 197
Joined: Mon Sep 17, 2018 9:09 am

Re: FragAttacks

Postby axellin » Tue May 18, 2021 12:09 am


brenard
Posts: 2
Joined: Mon May 17, 2021 6:54 pm

Re: FragAttacks

Postby brenard » Tue May 18, 2021 5:07 am

Yes, thank you, I just see that issue.

ESP_Angus
Posts: 2344
Joined: Sun May 08, 2016 4:11 am

Re: FragAttacks

Postby ESP_Angus » Thu May 20, 2021 8:11 am

Hi Brenard,

There is an Advisories section on our website here: https://www.espressif.com/en/support/do ... advisories . We will post an advisory there once we've finished analysis and patching and also update here.

The vulnerability pertains to design flaw in the specification and therefore ubiquitous. It involves toggling an unauthenticated flag in otherwise authenticated and encrypted packet for the purpose of changing parsing sequence to favor the attacker. The attacker also needs to be in physical proximity of the device under attack for the purpose of spoofing (man-in-the-middle). We believe this vulnerability is difficult to exploit, however, we will be making corresponding patches and an advisory available soon.

Who is online

Users browsing this forum: Bing [Bot] and 116 guests