Researchers Discover Massive Wi-Fi Vulnerability Affecting Multiple Access Points
Arthur T Knackerbracket writes:
There's a silent vulnerability lurking underneath the architecture of Wi-Fi networks:
A team of researchers from the University of California, Riverside revealed a series of weaknesses in existing Wi-Fi security, allowing them to intercept data on a network infrastructure that they've already connected to, even with client isolation in place.
The group called this vulnerability, AirSnitch, and, according to their paper [PDF], it exploits inherent weaknesses in the networking stack. Since Wi-Fi does not cryptographically link client MAC addresses, Wi-Fi encryption keys, and IP addresses through Layers 1, 2, and 3 of the network stack, an attacker can use this to assume the identity of another device and confuse the network into diverting downlink and uplink traffic through it.
Xin'an Zhou, the lead author on the research, said in an interview, according to Ars Technica, that AirSnitch "breaks worldwide Wi-Fi encryption, and it might have the potential to enable advanced cyberattacks." He also added, "Advanced attacks can build on our primitives to [perform] cookie stealing, DNS and cache poisoning. Our research physically wiretaps the wire altogether so these sophisticated attacks will work. It's really a threat to worldwide network security."
AirSnitch does not break encryption at all, but it challenges the general assumption that encrypted clients cannot attack each other because they've been cryptographically isolated.
[...] The researchers found that these vulnerabilities exist in five popular home routers - Netgear Nighthawk x6 R8000, Tenda RX2 Pro, D-LINK DIR-3040, TP-Link Archer AXE75, and Asus RT-AX57 - two open-source firmwares - DD-WRT v3.0-r44715 and OpenWrt 24.10 - and across two university enterprise networks. This shows that the issue is not just limited to how manufacturers make and program their routers. Instead, it's a problem with Wi-Fi itself, where its architecture is vulnerable to attackers who know how to take advantage of its flaws.
While this may sound bad, the researchers pointed out that this type of attack is rather complicated, especially with how complicated modern wireless networks have become. Still, that does not mean that manufacturers and standardization groups should ignore this problem. The group hoped that this revelation would force the industry to come together and create a rigorous set of requirements for client isolation and avoid this flaw in the future.
Read more of this story at SoylentNews.