Featured in this episode of Chaos Lever
The WiFi you use every day is meant to adhere to the IEEE 802.11 standard, which defines what a given vendor's WiFi gear has to implement. While the standard defines the what, it is sometimes a little light on the how, and that ambiguity leaves room for security flaws such as the one discovered by researchers at Northeastern University.
The attack, published by the Northeastern and KU Leuven researchers under the name "Framing Frames" (not to be confused with the older kr00k bug in Broadcom and Cypress WiFi chips), takes advantage of how an access point handles frames buffered for a client that has gone into power-save mode. The attacker spoofs a frame from the victim's MAC address with the Power Management bit set, so the access point queues everything destined for the victim, and then spoofs an Authentication or Association frame, which makes the access point discard the victim's security context (the pairwise key) while the queue is kept. When the queue is later flushed, the buffered frames go out either unencrypted or encrypted under a fresh key that the attacker negotiated under the victim's MAC address.
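To make the interaction between the transmit queue and the security context concrete, here is a small model of an access point's per-client state. It is an added illustration, not code from the paper or from the MacStealer tool; the simplified AP behaviour, the frame handler names, the toy XOR cipher standing in for CCMP/GCMP and the sample payload are all constructed assumptions. The same model runs in a vulnerable configuration (queue survives removal of the security context) and a hardened one (queue is discarded with the context).

```python
"""
Simplified model of an access point's per-client transmit queue and
security context, showing why the attack leaks buffered frames.
Added example, not from the Framing Frames paper or MacStealer; the AP
behaviour, handler names and toy cipher are assumptions for illustration.
"""
from dataclasses import dataclass, field
from hashlib import sha256
from typing import Dict, List, Optional


def toy_encrypt(key: bytes, data: bytes) -> bytes:
    """Toy XOR stream cipher standing in for CCMP/GCMP (assumption: only
    needed to distinguish 'protected under key K' from 'plaintext')."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


toy_decrypt = toy_encrypt  # XOR keystream is its own inverse


@dataclass
class AirFrame:
    """A frame as it went over the air: key is None if it was sent unprotected."""
    dst: str
    body: bytes
    key: Optional[bytes]


@dataclass
class Client:
    mac: str
    ptk: Optional[bytes] = None          # pairwise key; None = no security context
    power_save: bool = False
    queue: List[bytes] = field(default_factory=list)   # frames buffered while asleep


class AccessPoint:
    def __init__(self, flush_on_context_removal: bool):
        # False reproduces the vulnerable behaviour: the queue outlives the
        # security context that was supposed to protect its contents.
        self.flush_on_context_removal = flush_on_context_removal
        self.clients: Dict[str, Client] = {}
        self.air: List[AirFrame] = []

    def install_key(self, mac: str, ptk: bytes) -> None:
        """A completed 4-way handshake installs a pairwise key for `mac`."""
        self.clients.setdefault(mac, Client(mac)).ptk = ptk

    def _transmit(self, c: Client, payload: bytes) -> None:
        if c.ptk is None:
            self.air.append(AirFrame(c.mac, payload, None))      # goes out in the clear
        else:
            self.air.append(AirFrame(c.mac, toy_encrypt(c.ptk, payload), c.ptk))

    def deliver(self, mac: str, payload: bytes) -> None:
        """A frame for client `mac` arrives from the wired side."""
        c = self.clients[mac]
        if c.power_save:
            c.queue.append(payload)          # 802.11 power management: buffer it
        else:
            self._transmit(c, payload)

    def rx_power_save(self, mac: str, sleeping: bool) -> None:
        """A frame (possibly spoofed) from `mac` with the Power Management bit set or cleared."""
        c = self.clients[mac]
        c.power_save = sleeping
        if not sleeping:
            while c.queue:                   # client woke up: flush its queue
                self._transmit(c, c.queue.pop(0))

    def rx_auth_or_assoc(self, mac: str) -> None:
        """A (possibly spoofed) Authentication/Association frame: the AP drops
        the client's security context, as the standard requires."""
        c = self.clients[mac]
        c.ptk = None
        if self.flush_on_context_removal:
            c.queue.clear()                  # hardened: never send data the old key was protecting


def attacker_readable(hardened: bool, attacker_key: Optional[bytes] = None) -> List[bytes]:
    """Replay the attack sequence against the model AP and return the buffered
    payloads the attacker can read afterwards (constructed sample data)."""
    ap = AccessPoint(flush_on_context_removal=hardened)
    victim, victim_key = "victim", b"V" * 16                  # constructed, fixed for reproducibility
    secret = b"POST /login user=alice&pw=hunter2"             # constructed sample payload
    ap.install_key(victim, victim_key)

    ap.rx_power_save(victim, True)          # attacker spoofs victim: "I am asleep"
    ap.deliver(victim, secret)              # AP buffers the frame for the sleeping victim
    ap.rx_auth_or_assoc(victim)             # attacker spoofs victim: AP drops victim_key
    if attacker_key is not None:
        ap.install_key(victim, attacker_key)   # attacker reconnects under victim's MAC with own key
    ap.rx_power_save(victim, False)         # attacker spoofs victim: "awake, send my queue"

    readable = []
    for f in ap.air:
        if f.key is None:
            readable.append(f.body)                            # plaintext leak
        elif attacker_key is not None and f.key == attacker_key:
            readable.append(toy_decrypt(attacker_key, f.body))  # attacker-keyed leak
    return readable


if __name__ == "__main__":
    print("vulnerable, plaintext leak :", attacker_readable(hardened=False))
    print("vulnerable, attacker key   :", attacker_readable(hardened=False, attacker_key=b"A" * 16))
    print("hardened                   :", attacker_readable(hardened=True))
```

The point the model makes is that the leak is a state-machine bug, not a cryptographic one: the queue and the key are managed independently, so the frames are protected by whatever key happens to be installed when the queue drains. Discarding the queue together with the security context (or re-checking the context before each dequeue) closes the gap in the model; real vendor fixes have to do the equivalent in firmware and driver code.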
Whether the leaked frames come out as plaintext or as ciphertext the attacker holds the key for depends on how the access point and the client handle the security context and key negotiation when a client reconnects. Fortunately, you can limit the damage by using TLS (or another higher-layer encryption) for your network communications wherever possible, since a leaked frame then carries only ciphertext. The researchers also released a tool called MacStealer that tests whether a network is affected, specifically whether its client isolation can be bypassed by taking over a disconnected client's MAC address.
Patches from your wireless vendor of choice will be forthcoming, so as we always say: patch early, patch often, and use a VPN when out and about.