iTnews Asia
Wi-Fi protocol vulnerability allows traffic decryption

Proof-of-concept published.

By Richard Chirgwin on Mar 28, 2023 11:58AM

The ubiquitous 802.11 protocol has a vulnerability that allows an attacker to bypass encryption for some traffic.

According to the academic researchers who discovered it, the bug gives an attacker a way to “trick access points into leaking frames in plaintext, or encrypted using the group or an all-zero key”.

Because it’s a protocol bug, it affects multiple Wi-Fi implementations.

One of the researchers, Dr Mathy Vanhoef of New York University Abu Dhabi, has published a proof-of-concept, called MacStealer, on GitHub.

In their paper, “Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues” [pdf], Dr Vanhoef and Northeastern University’s Domien Schepers and Aanjhan Ranganathan and KU Leuven’s Mathy Vanhoef wrote that the vulnerability occurs because of “the lack of explicit guidance in managing security contexts of buffered frames in the 802.11 standards.

“The unprotected nature of the power-save bit in a frame’s header, which our work reveals to be a fundamental design flaw, also allows an adversary to force queue frames intended for a specific client,” the researchers wrote.

This, they said, can force disconnection of the target, creating a trivial denial-of-service attack.

Examples of vulnerable networks, the paper stated, include enterprise networks using client isolation or ARP inspection; public hotspots that use the Passpoint login mechanism; home networks using WPA2 or WPA3 with client isolation enabled; and public hotspots using WPA3 SAE-PK.

Cisco was the first vendor to acknowledge the issue.

The networking giant is somewhat dismissive, saying: “This attack is seen as an opportunistic attack and the information gained by the attacker would be of minimal value in a securely configured network.”

Nonetheless, it said, “the attacks that are outlined in the paper may be successful when leveraged against Cisco Wireless Access Point products and Cisco Meraki products with wireless capabilities.”

Cisco said policy enforcement via its Identity Services Engine can mitigate the attacks, and said users should implement transport layer security to encrypt data traversing the network.
