This worrying security flaw might let hackers hijack your Wi-Fi

Flaw could allow criminals to steal your data

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The IEEE 802.11 Wi-Fi protocol standard carries a security flaw that could allow threat actors to steal sensitive data and inject malicious content, researchers are saying.

Wi-Firoutersshare between them network frames - data containers that include things like the MAC address of the source and destination endpoints, or control and management data.

If a Wi-Fi device is in power-saving mode (sleep mode), the incoming frames will be queued, to be dequeued, encrypted, and transmitted to the destination, once it wakes up and leaves the power-saving mode.

Limited impact

In theory, a threat actor could spoof the MAC address of a network device and send a power-saving frame, essentially telling the destination device to start queuing frames. Then, they can transmit a wake-up frame and grab all of the frames that were queued in the meantime.

While the frames will be encrypted, the threat actors can send authentication and association frames to the destinationendpoint, and in doing so change the security context of the frames. Consequently, the transmitted frames will come in plaintext, or with encryption to which the attackers have the decryption key.

Devices from Lancom, Aruba, Cisco, Asus, and D-Link, are just some of those affected by this flaw.

“Our attacks have a widespread impact as they affect various devices andoperating systems(Linux, FreeBSD, iOS, and Android) and because they can be used to hijack TCP connections or intercept client and web traffic,” the researchers - Domien Schepers and Aanjhan Ranganathan of Northeastern University, and Mathy Vanhoef of imec-DistriNet, KU Leuven - said in their report.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

They also said that the vulnerability could be used to add malicious content into TCP packets, JavaScript included.

“An adversary can use their own Internet-connected server to inject data into this TCP connection by injecting off-path TCP packets with a spoofed sender IP address.”

“This can, for instance, be abused to send malicious JavaScript code to the victim in plaintext HTTP connections with as goal to exploit vulnerabilities in the client’s browser.”

The vulnerability can be used to eavesdrop on Wi-Fi traffic, the researchers added, but the impact of the flaw should be somewhat limited.

Globe-trotting Roaming Mantis malware is hitting Android and iOS users alike>Your Wi-Fi router could spy exactly where you are in a room>Check out the best Wi-Fi extenders right now

“This attack is seen as an opportunistic attack, and the information gained by the attacker would be of minimal value in a securely configured network,” BleepingComputer cited Cisco. Yet, the company suggests business use policy enforcement mechanisms, to be on the safe side.

“Cisco also recommends implementing transport layer security to encrypt data in transit whenever possible because it would render the acquired data unusable by the attacker.”

Via:BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

This new malware utilizes a rare programming language to evade traditional detection methods