Researchers from Northeastern University and KU Leuven recently discovered a fundamental design flaw in the IEEE 802.11 Wi-Fi protocol standard that could impact a wide range of devices running on Linux, FreeBSD, Android, and iOS. The flaw could be exploited to hijack TCP connections or intercept client and web traffic, allowing attackers to execute a denial-of-service attack or leak frames from the access point destined for a victim client station.
The flaw is based on a power-save mechanism in endpoint devices, allowing hackers to trick access points into disclosing data frames in plaintext or encrypting them with an all-zero key. Attackers can also force frames intended for a specific client to be queued, disconnecting that client and causing a denial of service. The researchers also note that an attacker who manipulates the security context to leak frames from the queue can override the client's security context used by an access point and so receive packets intended for the victim. This attack presupposes that the targeted party is connected to a hotspot-like network.

Cisco, in an informational advisory, described the vulnerabilities as an "opportunistic attack" and said the information gained by the attacker would be of minimal value in a securely configured network. However, the company acknowledged that the attacks presented in the study may be successful against Cisco Wireless Access Point products and Cisco Meraki products with wireless capabilities.
To reduce the probability of such attacks, it is recommended to implement transport layer security (TLS) to encrypt data in transit and apply policy enforcement mechanisms to restrict network access.
The discoveries come months after Ali Abedi and Deepak Vasisht disclosed Wi-Peep, a location-revealing privacy attack that likewise uses the 802.11 protocol's power-saving strategy to pinpoint target devices.
Other recent research has used the Google Maps Geolocation API to conduct location-spoofing attacks in urban areas, and has used Wi-Fi signals to detect and map human movement in a room.