With ICMP magic, you can snoop on vulnerable HiSilicon, Qualcomm-powered Wi-Fi

2023-04-07 07:30

A vulnerability identified in at least 55 Wi-Fi router models can be exploited by miscreants to spy on victims' data as it's sent over a wireless network.

Eggheads in China and the US have published details of a security shortcoming in the network processing units in Qualcomm and HiSilicon chips found at the heart of various wireless access points.

The flaw prevents the devices from blocking forged Internet Control Message Protocol messages; these messages can be abused to hijack and observe a victim's wireless connectivity.

ICMP is a network layer protocol primarily used for diagnosing network traffic issues.

WPA - including WPA2 and WPA3 - is supposed to protect each device on a wireless network from snooping: the traffic between each client-router pair is individually encrypted so that other clients, even those on the same Wi-Fi network, can't sniff the radio waves and observe another's data as it goes over the air.

A snoop on the network can send ICMP redirect messages, dressed up as though they are legit and coming from the Wi-Fi router, to a victim via the AP so that the victim's device eventually redirects its network traffic to a system under the spy's control, allowing the miscreant to siphon off and observe their Wi-Fi traffic.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/04/07/wifi_access_icmp/

#qualcomm #wifi