{"id":21619,"date":"2023-03-31T10:30:17","date_gmt":"2023-03-31T18:30:17","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2023\/03\/31\/news-15350\/"},"modified":"2023-03-31T10:30:17","modified_gmt":"2023-03-31T18:30:17","slug":"news-15350","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2023\/03\/31\/news-15350\/","title":{"rendered":"Researchers warn of Wi-Fi security flaw affecting iOS, Android, Linux"},"content":{"rendered":"

<\/p>\n

Apple\u2019s decision to support MAC Address Randomization across its platforms may provide some degree of protection against a newly-identified Wi-Fi flaw researchers say\u00a0could let attackers hijack network traffic<\/a>. iOS, Linux, and Android devices may be vulnerable.<\/p>\n

The researchers have identified a fundamental flaw in the design of the IEEE 802.11 Wi-Fi standard attackers could exploit to trick access points (Wi-Fi base stations) into leaking information. The researchers do not claim the vulnerability is being actively exploited, but warn that it might enable the interception of network traffic.<\/p>\n

The attack exploits an inherent vulnerability in the data containers (network frames) routers rely on to move information across the network and how access points handle devices that enter power-saving mode.<\/p>\n

To achieve the attack, miscreants must forcibly disconnect the victim device before it properly connects to the network, spoof the MAC address of the device to connect to the network using the attacker\u2019s credentials, then grab the response. The vulnerability exploits on-device power-save behavior within the Wi-Fi standard to force data to be shared in unencrypted form<\/a>.<\/p>\n

The researchers have published an open source tool called\u00a0MacStealer<\/a>\u00a0to test Wi-Fi networks for the vulnerability.<\/p>\n

Cisco downplayed the report<\/a>, saying \u201cinformation gained by the attacker would be of minimal value in a securely configured network.”<\/p>\n

The company does, however, recommend that network admins take action: \u201cTo reduce the probability that the attacks that are outlined in the paper will succeed, Cisco recommends using policy enforcement mechanisms through a system like Cisco Identity Services Engine (ISE), which can restrict network access by implementing Cisco TrustSec or Software Defined Access (SDA) technologies.<\/p>\n

“Cisco also recommends implementing transport layer security to encrypt data in transit whenever possible because it would render the acquired data unusable by the attacker,\u201d the company said.<\/p>\n

The security researchers point out that denial-of-service attacks against Wi-Fi access points have been around forever, arguing that the 802.11 standard needs to be upgraded to meet new security threats. \u201cAltogether, our work highlights the need for the standard to consider queuing mechanisms under a changing security context,\u201d\u00a0they wrote<\/a>.<\/p>\n

Apple recently extended its MAC Address Randomization feature across iPhones, iPads, Macs, and the Apple Watch. This additional layer of security helps mask devices by using randomly generated MAC addresses to connect to networks.<\/p>\n

The MAC address is a device specific 12-character number<\/a> that can reveal information concerning the device and is used as an intrinsic part of the Wi-Fi standard. The router will use this to ensure requested data goes to the correct machine, as without that address it would not recognize which machine to send information to.<\/p>\n

As explained here<\/a>, MAC Address Randomization helps mask the exact device on the network in a way that also makes data transmitted over that network a little more complex to decode. Security experts agree that, in a broad sense, it might help make the form of attack identified by the researchers a little harder to pull off. It isn\u2019t foolproof protection, in part because it can be disabled by network providers who might insist on an actual address for use of the service.<\/p>\n

MAC Address Randomization is also not enforced when a device connects to a preferred wireless network, and if an attacker is able to identify the random address and connect it to the device they could still mount an attack.<\/p>\n

Every step you take to protect your devices, particularly when using Wi-Fi hotspots<\/a>, is becoming more essential, rather than less.<\/p>\n

Watchguard\u2019s latest Internet Security Report<\/a> confirms that while there has been some decline in the frequency of network-based attacks, many Wi-Fi networks might be vulnerable to the exploit.\u00a0The report also reveals that endpoint\u00a0ransomware increased\u00a0a startling\u00a0627%,\u00a0while\u00a0malware associated with phishing campaigns\u00a0continues to be\u00a0a persistent threat.<\/p>\n

\u201cA continuing\u00a0and concerning\u00a0trend in our\u00a0data and\u00a0research shows\u00a0that\u00a0encryption \u2014 or, more accurately, the lack of decryption at the network perimeter \u2014 is hiding the full picture of\u00a0malware\u00a0attack trends,\u201d\u00a0said Corey Nachreiner,\u00a0chief\u00a0security\u00a0officer at WatchGuard.\u00a0\u201cIt is critical for security professionals to enable\u00a0HTTPS inspection\u00a0to ensure these threats are\u00a0identified and addressed before they can do damage.\u201d<\/p>\n

Please follow me on\u00a0Mastodon<\/a>, or join me in the\u00a0AppleHolic\u2019s bar & grill<\/a>\u00a0and\u00a0<\/em>Apple<\/em>\u00a0Discussions<\/em><\/a>\u00a0groups on MeWe.<\/em><\/p>\n

http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

\n
\n

Apple\u2019s decision to support MAC Address Randomization across its platforms may provide some degree of protection against a newly-identified Wi-Fi flaw researchers say\u00a0could let attackers hijack network traffic<\/a>. iOS, Linux, and Android devices may be vulnerable.<\/p>\n

The problem is how the standard handles power-saving<\/strong><\/h2>\n

The researchers have identified a fundamental flaw in the design of the IEEE 802.11 Wi-Fi standard attackers could exploit to trick access points (Wi-Fi base stations) into leaking information. The researchers do not claim the vulnerability is being actively exploited, but warn that it might enable the interception of network traffic.<\/p>\n

To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[2211,10480,10554,714,24580],"class_list":["post-21619","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-apple","tag-ios","tag-mobile","tag-security","tag-small-and-medium-business"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/21619","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=21619"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/21619\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=21619"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=21619"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=21619"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}