Wi-Fi protocol vulnerability allows traffic decryption

Proof-of-concept published.

By Richard Chirgwin on Mar 28, 2023 11:58AM

The ubiquitous 802.11 protocol has a vulnerability that allows an attacker to bypass encryption for some traffic.

According to the academic researchers who discovered it, the bug gives an attacker a way to “trick access points into leaking frames in plaintext, or encrypted using the group or an all-zero key”.

Because it’s a protocol bug, it affects multiple Wi-Fi implementations.

One of the researchers, Dr Mathy Vanhoef of New York University Abu Dhabi, has published a proof-of-concept, called MacStealer, on GitHub.

In their paper, “Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues” [pdf], Dr Vanhoef, who is also affiliated with KU Leuven, and Northeastern University’s Domien Schepers and Aanjhan Ranganathan wrote that the vulnerability occurs because of “the lack of explicit guidance in managing security contexts of buffered frames in the 802.11 standards.

“The unprotected nature of the power-save bit in a frame’s header, which our work reveals to be a fundamental design flaw, also allows an adversary to force queue frames intended for a specific client,” the researchers wrote.

This, they said, can force disconnection of the target, creating a trivial denial-of-service attack.

Examples of vulnerable networks, the paper stated, include enterprise networks using client isolation or ARP inspection; public hotspots that use the Passpoint login mechanism; home networks using WPA2 or WPA3 with client isolation enabled; and public hotspots using WPA3 SAE-PK.

Cisco was the first vendor to acknowledge the issue.

The networking giant is somewhat dismissive, saying: “This attack is seen as an opportunistic attack and the information gained by the attacker would be of minimal value in a securely configured network.”

Nonetheless, it said, “the attacks that are outlined in the paper may be successful when leveraged against Cisco Wireless Access Point products and Cisco Meraki products with wireless capabilities.”

Cisco said policy enforcement via its Identity Services Engine can mitigate the attacks, and said users should implement transport layer security to encrypt data traversing the network.
