{"id":623567,"date":"2023-03-30T09:49:30","date_gmt":"2023-03-30T14:49:30","guid":{"rendered":"https:\/\/news.sellorbuyhomefast.com\/index.php\/2023\/03\/30\/this-worrying-security-flaw-might-let-hackers-hijack-your-wi-fi\/"},"modified":"2023-03-30T09:49:30","modified_gmt":"2023-03-30T14:49:30","slug":"this-worrying-security-flaw-might-let-hackers-hijack-your-wi-fi","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2023\/03\/30\/this-worrying-security-flaw-might-let-hackers-hijack-your-wi-fi\/","title":{"rendered":"This worrying security flaw might let hackers hijack your Wi-Fi"},"content":{"rendered":"<article aria-label=\"article\" data-id=\"TY72yyTzAnXM3Z9ZFsZrXH\">\n<header>\n<nav aria-label=\"Breadcrumbs\">\n<ol>\n<li>\n<a href=\"https:\/\/www.techradar.com\" aria-label=\"Return to Home\">Home<\/a>\n<\/li>\n<li>\n<a href=\"https:\/\/www.techradar.com\/news\" aria-label=\"Return to News\">News<\/a>\n<\/li>\n<li>\n<a href=\"https:\/\/www.techradar.com\/computing\" aria-label=\"Return to Computing\">Computing<\/a>\n<\/li>\n<\/ol>\n<\/nav>\n<\/header>\n<section>\n<div itemprop=\"image\" itemscope itemtype=\"https:\/\/schema.org\/ImageObject\">\n<div>\n<picture><source type=\"image\/webp\" alt=\"Representational image of internet connections against a cityscape.\" onerror=\"if(this.src &#038;&#038; this.src.indexOf('missing-image.svg') !== -1){return true;};this.parentNode.replaceChild(window.missingImage(),this)\"   data-original-mos=\"https:\/\/cdn.mos.cms.futurecdn.net\/gAEEhv8Ly6Pw8bx6FV2oQZ.jpg\" data-pin-media=\"https:\/\/cdn.mos.cms.futurecdn.net\/gAEEhv8Ly6Pw8bx6FV2oQZ.jpg\"><source type=\"image\/jpeg\" alt=\"Representational image of internet connections against a cityscape.\" onerror=\"if(this.src &#038;&#038; this.src.indexOf('missing-image.svg') !== -1){return true;};this.parentNode.replaceChild(window.missingImage(),this)\"   data-original-mos=\"https:\/\/cdn.mos.cms.futurecdn.net\/gAEEhv8Ly6Pw8bx6FV2oQZ.jpg\" data-pin-media=\"https:\/\/cdn.mos.cms.futurecdn.net\/gAEEhv8Ly6Pw8bx6FV2oQZ.jpg\"><img decoding=\"async\" src=\"https:\/\/cdn.mos.cms.futurecdn.net\/gAEEhv8Ly6Pw8bx6FV2oQZ-320-80.jpg\" alt=\"Representational image of internet connections against a cityscape.\" onerror=\"if(this.src &#038;&#038; this.src.indexOf('missing-image.svg') !== -1){return true;};this.parentNode.replaceChild(window.missingImage(),this)\"   data-original-mos=\"https:\/\/cdn.mos.cms.futurecdn.net\/gAEEhv8Ly6Pw8bx6FV2oQZ.jpg\" data-pin-media=\"https:\/\/cdn.mos.cms.futurecdn.net\/gAEEhv8Ly6Pw8bx6FV2oQZ.jpg\"><\/picture>\n<\/div>\n<p><meta itemprop=\"url\" content=\"https:\/\/cdn.mos.cms.futurecdn.net\/gAEEhv8Ly6Pw8bx6FV2oQZ.jpg\"><br \/>\n<meta itemprop=\"height\" content=\"600\"><br \/>\n<meta itemprop=\"width\" content=\"338\"><figcaption itemprop=\"caption description\">\n<span itemprop=\"copyrightHolder\">(Image credit: Shutterstock \/ metamorworks)<\/span><br \/>\n<\/figcaption><\/div>\n<div id=\"article-body\">\n<p>The IEEE 802.11 Wi-Fi protocol standard carries a security flaw that could allow threat actors to steal sensitive data and inject malicious content, researchers are saying.<\/p>\n<p>Wi-Fi <a href=\"https:\/\/www.techradar.com\/news\/networking\/routers-storage\/best-router-9-top-wireless-routers-on-test-1090523\" target=\"_blank\" rel=\"noopener\">routers<\/a><span> (opens in new tab)<\/span> share between them network frames &#8211; data containers that include things like the MAC address of the source and destination endpoints, or control and management data.<\/p>\n<p>If a Wi-Fi device is in power-saving mode (sleep mode), the incoming frames will be queued, to be dequeued, encrypted, and transmitted to the destination, once it wakes up and leaves the power-saving mode.<\/p>\n<h2 id=\"limited-impact\">Limited impact<\/h2>\n<p>In theory, a threat actor could spoof the MAC address of a network device and send a power-saving frame, essentially telling the destination device to start queuing frames. Then, they can transmit a wake-up frame and grab all of the frames that were queued in the meantime.<\/p>\n<p>While the frames will be encrypted, the threat actors can send authentication and association frames to the destination <a href=\"https:\/\/www.techradar.com\/news\/best-endpoint-security-software\">endpoint<\/a>, and in doing so change the security context of the frames. Consequently, the transmitted frames will come in plaintext, or with encryption to which the attackers have the decryption key.<\/p>\n<p>Devices from Lancom, Aruba, Cisco, Asus, and D-Link, are just some of those affected by this flaw.<\/p>\n<p>&#8220;Our attacks have a widespread impact as they affect various devices and operating systems (Linux, FreeBSD, iOS, and Android) and because they can be used to hijack TCP connections or intercept client and web traffic,&#8221; the researchers &#8211; Domien Schepers and Aanjhan Ranganathan of Northeastern University, and Mathy Vanhoef of imec-DistriNet, KU Leuven &#8211; said in their report.<\/p>\n<p>They also said that the vulnerability could be used to add malicious content into TCP packets, JavaScript included.<\/p>\n<p>&#8220;An adversary can use their own Internet-connected server to inject data into this TCP connection by injecting off-path TCP packets with a spoofed sender IP address.&#8221;\u00a0<\/p>\n<p>&#8220;This can, for instance, be abused to send malicious JavaScript code to the victim in plaintext HTTP connections with as goal to exploit vulnerabilities in the client&#8217;s browser.&#8221;<\/p>\n<p>The vulnerability can be used to eavesdrop on Wi-Fi traffic, the researchers added, but the impact of the flaw should be somewhat limited.<\/p>\n<p>&#8220;This attack is seen as an opportunistic attack, and the information gained by the attacker would be of minimal value in a securely configured network,&#8221; BleepingComputer cited Cisco. Yet, the company suggests business use policy enforcement mechanisms, to be on the safe side.<\/p>\n<p>&#8220;Cisco also recommends implementing transport layer security to encrypt data in transit whenever possible because it would render the acquired data unusable by the attacker.\u201d<\/p>\n<ul>\n<li>Check out the <a href=\"https:\/\/www.techradar.com\/best\/best-identity-theft-protection\" target=\"_blank\" rel=\"noopener\">best ID theft protection<\/a><span> (opens in new tab)<\/span> right now<\/li>\n<\/ul>\n<p>Via: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/wifi-protocol-flaw-allows-attackers-to-hijack-network-traffic\/\" target=\"_blank\" data-url=\"https:\/\/www.bleepingcomputer.com\/news\/security\/wifi-protocol-flaw-allows-attackers-to-hijack-network-traffic\/\" rel=\"noopener\">BleepingComputer<\/a><span> (opens in new tab)<\/span><\/p>\n<\/div>\n<div data-hydrate=\"true\" data-reactroot id=\"slice-container-newsletterForm-articleInbodyContent\">\n<section>\n<p>Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!<\/p>\n<\/section>\n<\/div>\n<div data-reactroot id=\"slice-container-authorBio\">\n<p>Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he\u2019s written for numerous media outlets, including Al Jazeera Balkans. He\u2019s also held several modules on content writing for Represent Communications.<\/p>\n<\/div>\n<\/section>\n<p><a href=\"https:\/\/www.techradar.com\/news\/this-worrying-security-flaw-might-let-hackers-hijack-your-wi-fi\" class=\"button purchase\" rel=\"nofollow noopener\" target=\"_blank\">Read More<\/a><br \/>\n Augustine Pepper<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Home News Computing (Image credit: Shutterstock \/ metamorworks) The IEEE 802.11 Wi-Fi protocol standard carries a security flaw that could allow threat actors to steal sensitive data and inject malicious content, researchers are saying.Wi-Fi routers (opens in new tab) share between them network frames &#8211; data containers that include things like the MAC address of<\/p>\n","protected":false},"author":1,"featured_media":623568,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20,46,28316],"tags":[],"class_list":{"0":"post-623567","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-security","8":"category-technology","9":"category-worrying"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/623567","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=623567"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/623567\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/623568"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=623567"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=623567"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=623567"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}