
Wi-Fi protocol vulnerability allows traffic decryption


Proof-of-concept published.

By Richard Chirgwin on Mar 28, 2023 11:58AM

The ubiquitous 802.11 protocol has a vulnerability that allows an attacker to bypass encryption for some traffic.

According to the academic researchers who discovered it, the bug gives an attacker a way to “trick access points into leaking frames in plaintext, or encrypted using the group or an all-zero key”.

Because it’s a protocol bug, it affects multiple Wi-Fi implementations.

One of the researchers, Dr Mathy Vanhoef of New York University Abu Dhabi, has published a proof-of-concept, called MacStealer, on GitHub.

In their paper, “Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues” [pdf], Dr Vanhoef, Northeastern University’s Domien Schepers and Aanjhan Ranganathan, and KU Leuven’s Mathy Vanhoef wrote that the vulnerability occurs because of “the lack of explicit guidance in managing security contexts of buffered frames in the 802.11 standards.

“The unprotected nature of the power-save bit in a frame’s header, which our work reveals to be a fundamental design flaw, also allows an adversary to force queue frames intended for a specific client,” the researchers wrote.

This, they said, can force disconnection of the target, creating a trivial denial-of-service attack.

Examples of vulnerable networks, the paper stated, include enterprise networks using client isolation or ARP inspection; public hotspots that use the Passpoint login mechanism; home networks using WPA2 or WPA3 with client isolation enabled; and public hotspots using WPA3 SAE-PK.

Cisco was the first vendor to acknowledge the issue.

The networking giant is somewhat dismissive, saying: “This attack is seen as an opportunistic attack and the information gained by the attacker would be of minimal value in a securely configured network.”

Nonetheless, it said, “the attacks that are outlined in the paper may be successful when leveraged against Cisco Wireless Access Point products and Cisco Meraki products with wireless capabilities.”

Cisco said policy enforcement via its Identity Services Engine can mitigate the attacks, and said users should implement transport layer security to encrypt data traversing the network.
