This Week In Security: Fragattacks, The Pipeline, Codecov, And IPv6

Some weeks are slow, and the pickings are slim when discussing the latest security news. This was not one of those weeks.

First up is Fragattacks, a set of flaws in wireless security protocols, allowing unauthenticated devices to inject packets into the network, and in some cases, read data back out. The flaws revolve around 802.11’s support for packet aggregation and frame fragmentation. The whitepaper is out, so let’s take a look.

Fragmentation and aggregation are techniques for optimizing wireless connections. Packet aggregation is the inclusion of multiple IP packets in a single wireless frame. When a device is sending many small packets, it’s more efficient to send them all at once, in a single wireless frame. On the other hand, if the wireless signal-to-noise ratio is less than ideal, shorter frames are more likely to arrive intact. To better operate in such an environment, long frames can be split into fragments, and recombined upon receipt.

There is a trio of vulnerabilities that are built into the wireless protocols themselves. First up is CVE-2020-24588, the aggregation attack. To put this simply, the aggregation section of a wireless frame header is unauthenticated and unencrypted. How to exploit this weakness isn’t immediately obvious, but the authors have done something clever.

First, for the purposes of explanation, we will assume that there is already a TCP connection established between the victim and an attacker-controlled server. This could be as simple as an advertisement being displayed on a visited web page, or an image linked to in an email. We will also assume that the attacker is performing a Man in the Middle attack on the target’s wireless connection. Without the password, this only allows the attacker to pass the wireless frames back and forth unmodified, except for the aggregation header data, as mentioned. The actual attack is to send a special IP packet in the established TCP connection, and then modify the header data on the wireless frame that contains that packet.

When the victim tries to unpack what it believes to be an aggregated frame, the TCP payload is interpreted as a discrete packet, which can be addressed to any IP and port the attacker chooses. To put it more simply, it’s a packet within a packet, and the frame aggregation header is abused to pop the internal packet out onto the protected network.
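To make the re-interpretation concrete from the receiver's side, here is an added example (not code from the article or the whitepaper) that parses A-MSDU subframes and applies a drop rule of the kind receivers adopted for this bug: refuse an "aggregated" body whose first destination address is really an LLC/SNAP header. The function names, MAC addresses, IP addresses and frame bodies are constructed for illustration.

```python
import struct

# LLC/SNAP (RFC 1042) bytes that begin every ordinary, non-aggregated data payload.
RFC1042_HEADER = bytes.fromhex("aaaa03000000")

def subframe_header(body, off=0):
    """Read one A-MSDU subframe header: DA(6) SA(6) Length(2, big-endian)."""
    da, sa = body[off:off + 6], body[off + 6:off + 12]
    (length,) = struct.unpack_from(">H", body, off + 12)
    return da, sa, length

def parse_amsdu(body):
    """Split a frame body into (da, sa, msdu) subframes, each padded to 4 bytes."""
    out, off = [], 0
    while off + 14 <= len(body):
        da, sa, length = subframe_header(body, off)
        msdu = body[off + 14:off + 14 + length]
        if len(msdu) != length:
            raise ValueError("truncated A-MSDU subframe")
        out.append((da, sa, msdu))
        off += 14 + length
        off += -off % 4  # skip padding to the next 4-byte boundary
    return out

def accept_amsdu(body):
    """Receiver check: a first 'DA' equal to LLC/SNAP means a plain payload was
    relabelled as aggregated, so drop it (None) instead of parsing it."""
    if body[:6] == RFC1042_HEADER:
        return None
    return parse_amsdu(body)

def make_subframe(da, sa, msdu, last=False):
    """Build one subframe; every subframe except the last is padded to 4 bytes."""
    raw = da + sa + struct.pack(">H", len(msdu)) + msdu
    return raw if last else raw + b"\x00" * (-len(raw) % 4)

# Constructed samples (documentation IPs, locally administered MACs).
IPV4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1C46, 0, 64, 6, 0,
                   bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
PLAIN_BODY = RFC1042_HEADER + b"\x08\x00" + IPV4 + b"\x00" * 20
AP, STA = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
GENUINE_AMSDU = (make_subframe(STA, AP, RFC1042_HEADER + b"\x08\x00" + b"A" * 21)
                 + make_subframe(STA, AP, RFC1042_HEADER + b"\x08\x00" + b"B" * 10, last=True))

if __name__ == "__main__":
    print(subframe_header(PLAIN_BODY))       # header fields a fooled receiver would read
    print(accept_amsdu(PLAIN_BODY))          # None: dropped
    print(len(accept_amsdu(GENUINE_AMSDU)))  # 2
```

Because the aggregation flag is not authenticated, the receiver cannot trust it; the check works only because a legitimate first subframe never starts with the LLC/SNAP bytes.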

Pokemon Go GPS Cheat (If You Don’t Fear Getting Banned)

Pokemon Go inherits a certain vulnerability to GPS location spoofing from its predecessor Ingress, but also the progress that has been made in spoof detection. Since taking advantage of a game’s underlying mechanisms is part of the winner’s game, why not hook up your smartphone to Xcode and see if you can beat Niantic this time? [Dave Conroy] shows you how to play back waypoints and activate your Pokemon Go warp drive.

Using A Mac And XCode As A Linux Development Platform

[Ricard Dias] wrote in to tell us about his guide for developing Linux applications on a Mac. He really enjoys the development environment provided by XCode, and it doesn’t take much to make it work as an all-in-one solution for Linux development.

The real trick here is the use of SSH to access a Linux environment. In this example he uses Ubuntu running as a virtual machine, but also mentions that the same thing can be done just as easily with a separate box as long as it is on the same network as the Mac. SSHFS (the SSH Filesystem) lets him mount the development directory on the Linux box locally. This is where the XCode project and files will be stored, but building the program will be done by the Linux machine via a script calling the make command via SSH. To test out the newly built program, [L] tunnels in using X11 forwarding for ssh, and the application will be shown as a window in OSX, even though it is running on the Ubuntu machine.

We love SSH and use it all the time. It’s amazing how handy it can be.