Security News > 2023 > March > Warning: Your wireless networks may leak data thanks to Wi-Fi spec ambiguity
Ambiguity in the Wi-Fi specification has left the wireless networking stacks in various operating systems vulnerable to several attacks that have the potential to expose network traffic.
Wi-Fi frames contain various kinds of data related to network traffic and routing.
To exploit this flaw, an attacker can send a spoofed Power-Save frame followed by an Authentication or Association frame to reset the wireless connection.
The result is a data frame leak that can take different forms depending on the operating system involved.
A successful attack may, for example, expose frame data in plain text or leave it protected only by a network group key or an all-zero encryption key.
Cisco, one of the vendors cited in the research paper, has issued an informational advisory that downplays the consequences of the wireless flaw by noting that "Information gained by the attacker would be of minimal value in a securely configured network." By that we reckon Cisco means if you're encapsulating your wireless network traffic in transit using, say, SSH or TLS, it should remain protected by those protocols even if frames leak.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/03/30/wifi_spec_ambiguity_leak/