
Well I did mention it's "an end-of-the-world type vulnerability, at least as far as Wi-Fi goes".

I don't think it's a lot of consolation saying something along the lines of "Wi-Fi security is broken, but it's not so bad because it's Wi-Fi".




I do think it's an end-of-the-world type vulnerability, at least as far as Wi-Fi goes.

1) The paper claims confidentiality compromise allows the attacker to hijack a TCP connection: "allow an adversary to decrypt a TCP packet, learn the sequence number, and hijack the TCP stream to inject arbitrary data", and this in all cases, even in the cases where it doesn't allow forgery (CCMP).

2) There's no such claim in the paper, and according to the researcher, exploiting this on Android and Linux is trivial. Apparently also on macOS. Did you see the video on their website?

3) There's no way for you to control this (apps, HTTPS stripping, for instance). Most importantly, there's no way for the average user to control this, short of using a VPN.

Again, as far as Wi-Fi security goes, it seems pretty end-of-the-world to me. I don't think the huge attention this is getting is unwarranted.


> The discovered vulnerabilities affect all modern security protocols of Wi-Fi, including the latest WPA3 specification. Even the original security protocol of Wi-Fi, called WEP, is affected.

Saved you a click.


> the design flaws are hard to abuse because…

This is good.

> in practice the biggest concern are the programming mistakes in Wi-Fi products since several of them are trivial to exploit.

Any indication which devices are known to be affected? None of the pages I've read so far give that information. Though it could be that this information is subject to "responsible disclosure" and won't be released until manufacturers have had a reasonable amount of time to release patches.


> Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip"

That's a major problem!


> This set of vulnerabilities requires a potential attacker to be physically within range of the Wi-Fi network

I have trouble imagining an attack on the Wi-Fi protocol where this doesn't apply :).


Several of the implementation flaws allow an attacker to essentially inject plaintext frames in a Wi-Fi network. All that's needed is being within range of the network (with an extender you can still be far away). I agree that the design flaws aren't that serious! But that's also explicitly mentioned on the website so...

Edit: injection can be used to punch a hole in the router's NAT so someone can directly try to attack your devices. As always, the world isn't burning down. But I think it's interesting research :)


I don't know what we expected — it's (literally) intentionally less secure WiFi.

Because it hasn't been seen before, it's not likely that it has been exploited. Even after knowing about the flaw for a while, the Wi-Fi Alliance says there is no evidence that this was used maliciously before. https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-se... We can't know absolutely but with all the attention wifi has gotten since the days of war driving, there's a good chance it would have been caught.

Makes me wonder if there are any vulnerabilities in WiFi menus...

Was this an attempted security fix? December is not a great time to roll out wi-fi changes unless to fix a security issue.

Agreed.

"A fundamental vulnerability in the Network Processing Unit (NPU) chipset has been uncovered recently, which can be exploited by attackers to eavesdrop on data transmitted over a wireless network, affecting over 89% of real-world Wi-Fi networks." [0]

[0] https://blog.apnic.net/2023/05/29/mitm-attacks-in-public-wi-...


Yeah, you're wrong.

It's bad, but it's absolutely not unprecedented. The first time a similar issue was discovered was by Project Zero: https://googleprojectzero.blogspot.com/2017/04/over-air-expl...

It has some pretty damning facts, including that most mobile devices have some form of IOMMU in theory, but they don't use it.

Later there was the Broadpwn vulnerability, which was very similar. I believe there were more of them later.


A device automatically connecting to unprotected wifi is a major security issue waiting to happen.

There's something very off about this story, especially since it doesn't even attempt to mention obvious scenarios like "what if I have WiFi turned off?".

If iOS would actually try to find WiFi networks with WiFi turned off, that would be a much bigger story than some exploitable vulnerability. This whole story smells of sensationalism over facts.


I would argue that "building, and leaving open" Wifi connectivity that is not even remotely obfuscated is proof in itself of "failure to consider security aspects".

What can an ordinary person do? Unplugging the network cable? What about laptops? Can this vulnerability hack into Wi-Fi and allow itself onto the internet? But then again, the moment you plug the internet back in, you're done.


This is one of the most serious and instructive pieces of technical security work we're likely to see this year. In case it hasn't sunk in:

- This vulnerability affects tons of smart phones (iPhone, Nexus, Samsung S*).
- The attack proceeds silently over WiFi -- you wouldn't see any indication you've been nailed.
- Mitigations and protections on WiFi embedded chips are weak.
- The second blog post will show how to fully commandeer the main phone processor by _hopping from the WiFi chip to the host_.

Imagine the havoc you could wreak by walking around a large city downtown, spewing out exploits to anyone who comes into WiFi range :-)


This is especially egregious coming just after the wifi drivers RCE debacle (https://googleprojectzero.blogspot.fi/2017/10/over-air-vol-2...).
