Security News > 2023 > April > Researchers claim they can bypass Wi-Fi encryption (briefly, at least)

Researchers claim they can bypass Wi-Fi encryption (briefly, at least)
2023-04-03 18:59

The answer, our researchers discovered, is that so-called active adversaries might be able to shake loose at least some queued-up data from at least least some access points.

The researchers figured out various ways of tricking some access points into releasing those queued-up network packets.

Either without any encryption at all, or encrypted with a new session key that they chose for the purpose.

Annoyingly, the "I am going taking a nap now" requests were not themselves encrypted, so the researchers didn't even need to know the Wi-Fi network password, let alone to have sniffed out the setup of your original session key.

Then they'd pretend that they were your laptop or phone "Waking back up", ask to reassociate to the access point with no encryption key set this time, and sniff out any queued-up replies left over from before.

If a client disconnects and wants to reconnect with a new session key, refuse to re-encrypt queued data received under the old key.


News URL

https://nakedsecurity.sophos.com/2023/04/03/researchers-claim-they-can-bypass-wi-fi-encryption-briefly-at-least/