Communications of the ACM
New Security Flaw Discovered in Wi-Fi Routers
Researchers at the University of California, Riverside found an irreparable flaw that resides in all modern Wi-Fi routers.
Credit: makeuseof.com
University of California, Riverside researchers have found an irreparable flaw in all modern Wi-Fi routers.
Researchers Zhiyun Qian and Weiteng Chen say the vulnerability exploits the interaction of transmission control protocol (TCP) and Wi-Fi, taking advantage of a fundamental Wi-Fi design decision that is extremely difficult to change.
TCP divides information into sections that can be transmitted between computers over the Internet, with each packet receiving a number within a sequence unique to a specific communication. The first number of the initial sequence is random, but the ensuing numbers rise predictably so the receiving computer can arrange them correctly.
To intercept this communication, an attacker must pretend to be the sender and guess the next number in the sequence.
Because wireless routers can only transmit data in one direction at a time, there is a time gap between a request and a response, giving the attacker an opportunity to guess the sequence and hijack the communication.
The attacker can then insert a different copy of the webpage into the browser cache using a tactic known as web cache poisoning.
The flaw can be exploited to spread fake news, steal sensitive data, carry out espionage, and interfere with critical activities managed via wireless Internet.
To fix the flaw, routers would need to be redesigned to operate on different frequencies for transmitting and receiving data.
From University of California, Riverside
View Full Article
Abstracts Copyright © 2018 Information Inc., Bethesda, Maryland, USA
No entries found