• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
new wi fi protocol security flaw affecting linux, android and ios

New Wi-Fi Protocol Security Flaw Affecting Linux, Android and iOS Devices

You are here: Home / General Cyber Security News / New Wi-Fi Protocol Security Flaw Affecting Linux, Android and iOS Devices
March 30, 2023

A group of teachers from Northeastern University and KU Leuven has disclosed a basic design flaw in the IEEE 802.11 Wi-Fi protocol common, impacting a large array of devices managing Linux, FreeBSD, Android, and iOS.

Effective exploitation of the shortcoming could be abused to hijack TCP connections or intercept shopper and web visitors, researchers Domien Schepers, Aanjhan Ranganathan, and Mathy Vanhoef reported in a paper printed this 7 days.

The strategy exploits electric power-help save mechanisms in endpoint equipment to trick accessibility details into leaking knowledge frames in plaintext, or encrypt them using an all-zero important.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


“The unprotected character of the energy-save little bit in a frame’s header […] also enables an adversary to pressure queue frames meant for a precise shopper resulting in its disconnection and trivially executing a denial-of-company attack,” the researchers famous.

In other phrases, the intention is to leak frames from the access issue destined to a victim shopper station by having edge of the reality that most Wi-Fi stacks do not adequately dequeue or purge their transmit queues when the security context improvements.

In addition to manipulating the security context to leak frames from the queue, an attacker can override the client’s security context used by an obtain point to acquire packets meant for the victim. This attack pre-supposes that the specific party is connected to a hotspot-like network.

“The core concept at the rear of the attack is that the fashion in which customers are authenticated is unrelated to how packets are routed to the appropriate Wi-Fi customer,” Vanhoef spelled out.

“A destructive insider can abuse this to intercept info to a Wi-Fi customer by disconnecting a sufferer and then connecting underneath the MAC handle of the target (employing the qualifications of the adversary). Any packets that ended up however underway to the sufferer, these kinds of web site info that the sufferer was however loading, will now be gained by the adversary as a substitute.”

Cisco, in an informational advisory, described the vulnerabilities as an “opportunistic attack and the info acquired by the attacker would be of negligible worth in a securely configured network.”

Having said that, the corporation acknowledged that the attacks presented in the analyze may well be productive towards Cisco Wi-fi Access Stage goods and Cisco Meraki products with wireless abilities.

To lower the likelihood of this sort of attacks, it is really advised to implement transport layer security (TLS) to encrypt info in transit and utilize plan enforcement mechanisms to prohibit network obtain.

THN WEBINARBecome an Incident Reaction Pro!

Unlock the secrets to bulletproof incident response – Grasp the 6-Period approach with Asaf Perlman, Cynet’s IR Chief!

Really don’t Miss out on Out – Save Your Seat!

The conclusions arrive months immediately after researchers Ali Abedi and Deepak Vasisht demonstrated a place-revealing privacy attack referred to as Wi-Peep that also exploits the 802.11 protocol’s electrical power-conserving system to localize goal products.

The investigation also follows other modern scientific studies that have leveraged the Google Geolocation API to start locale spoofing attacks in city locations, not to mention use Wi-Fi signals to detect and map human movement in a place.

Discovered this article attention-grabbing? Comply with us on Twitter  and LinkedIn to examine much more distinctive content we post.


Some parts of this report are sourced from:
thehackernews.com

Previous Post: «brand new emotet campaign socially engineers its way from detection 3CX CEO suggests state-sponsored hackers behind supply chain malware attack
Next Post: Cyber security suffers from a communication problem what is the spell jacking vulnerability and how can your business»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Qilin Ransomware Adds “Call Lawyer” Feature to Pressure Victims for Larger Ransoms
  • Iran’s State TV Hijacked Mid-Broadcast Amid Geopolitical Tensions; $90M Stolen in Crypto Heist
  • 6 Steps to 24/7 In-House SOC Success
  • Massive 7.3 Tbps DDoS Attack Delivers 37.4 TB in 45 Seconds, Targeting Hosting Provider
  • 67 Trojanized GitHub Repositories Found in Campaign Targeting Gamers and Developers
  • New Android Malware Surge Hits Devices via Overlays, Virtualization Fraud and NFC Theft
  • BlueNoroff Deepfake Zoom Scam Hits Crypto Employee with MacOS Backdoor Malware
  • Secure Vibe Coding: The Complete New Guide
  • Uncover LOTS Attacks Hiding in Trusted Tools — Learn How in This Free Expert Session
  • Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign

Copyright © TheCyberSecurity.News, All Rights Reserved.