Skip to main content

Posts

Showing posts with the label 2023 at 02:24AM

New Wi-Fi Protocol Security Flaw Affecting Linux, Android and iOS Devices.

#Information_is_Power  .   A group of academics from Northeastern University and KU Leuven has disclosed a fundamental design flaw in the IEEE 802.11 Wi-Fi protocol standard, impacting a wide range of devices running Linux, FreeBSD, Android, and iOS. Successful exploitation of the shortcoming could be abused to hijack TCP connections or intercept client and web traffic, researchers Domien Schepers, Aanjhan Ranganathan, and Mathy Vanhoef said in a paper published this week. The approach exploits power-save mechanisms in endpoint devices to trick access points into leaking data frames in plaintext, or encrypt them using an all-zero key. “The unprotected nature of the power-save bit in a frame’s header […] also allows an adversary to force queue frames intended for a specific client resulting in its disconnection and trivially executing a denial-of-service attack,” the researchers noted. In other words, the goal is to leak frames from...