Wi-Fi protocol vulnerability allows traffic decryption

By on
Wi-Fi protocol vulnerability allows traffic decryption

Proof-of-concept published.

The ubiquitous 802.11 protocol has a vulnerability that allows an attacker to bypass encryption for some traffic.

According to the academic researchers who discovered it, the bug gives an attacker a way to “trick access points into leaking frames in plaintext, or encrypted using the group or an all-zero key”.

Because it’s a protocol bug, it affects multiple Wi-Fi implementations.

One of the researchers, Dr Mathy Vanhoef of New York University Abu Dhabi, has published a proof-of-concept, called MacStealer, at GitHub.

In their paper, “Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues” [pdf], Dr Vanhoef and Northeastern University’s Domien Schepers and Aanjhan Ranganathan and KU Lueven’s Mathy Vanhoef, wrote that the vulnerability occurs because of “the lack of explicit guidance in managing security contexts of buffered frames in the 802.11 standards.

“The unprotected nature of the power-save bit in a frame’s header, which our work reveals to be a fundamental design flaw, also allows an adversary to force queue frames intended for a specific client," the researchers wrote.

This, they said, can force disconnection of the target, creating a trivial denial-of-service attack.

Examples of vulnerable networks, the paper stated, include enterprise networks using client isolation or ARP inspection; public hotspots that use the Passpoint login mechanism; home networks using WPA2 or WPA3 with client isolation enabled; and public hotspots using WPA3 SAE-PK.

Cisco was the first vendor to acknowledge the issue.

The networking giant is somewhat dismissive, saying: “This attack is seen as an opportunistic attack and the information gained by the attacker would be of minimal value in a securely configured network.”

Nonetheless, it said, "the attacks that are outlined in the paper may be successful when leveraged against Cisco Wireless Access Point products and Cisco Meraki products with wireless capabilities.”

Cisco said policy enforcement via its Identity Services Engine can mitigate the attacks, and said users should implement transport layer security to encrypt data traversing the network.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
80211cisconetworkingsecurityvulnerabilitywifi

Sponsored Whitepapers

Responding To Industry Trends And Our 5m+ Users
Responding To Industry Trends And Our 5m+ Users
The Future of Digital Identity in Government
The Future of Digital Identity in Government
Secure Public Services for Every Australian
Secure Public Services for Every Australian
7½ Questions for Aged Care's Digital Decisions
7½ Questions for Aged Care's Digital Decisions
Creating the Sustainable IT Department
Creating the Sustainable IT Department

Most Read Articles

Australia appoints first cyber security coordinator

Australia appoints first cyber security coordinator
Apple rushes out patches for exploited zero day bugs

Apple rushes out patches for exploited zero day bugs
Perpetual 'extended outage' caused by security incident at third-party

Perpetual 'extended outage' caused by security incident at third-party
Exploit emerges for Cisco VPN client vulnerability

Exploit emerges for Cisco VPN client vulnerability

Digital Nation

More than half of loyalty members concerned about their data
More than half of loyalty members concerned about their data
COVER STORY: The opportunities and risks of cybersecurity insurance in Australia
COVER STORY: The opportunities and risks of cybersecurity insurance in Australia
DeepAI founder on the risks of artificial intelligence
DeepAI founder on the risks of artificial intelligence
How eBay uses interaction analytics to improve CX
How eBay uses interaction analytics to improve CX
Health tech startup Kismet raises $4m in pre-seed funding
Health tech startup Kismet raises $4m in pre-seed funding

Log In

  |  Forgot your password?