Cloud Hosting

Apples decision to support MAC Address Randomization across its platforms may provide some degree of protection against a newly-identified Wi-Fi flaw researchers saycould let attackers hijack network traffic. iOS, Linux, and Android devices may be vulnerable.

The researchers have identified a fundamental flaw in the design of the IEEE 802.11 Wi-Fi standard attackers could exploit to trick access points (Wi-Fi base stations) into leaking information. The researchers do not claim the vulnerability is being actively exploited, but warn that it might enable the interception of network traffic.

The attack exploits an inherent vulnerability in the data containers (network frames) routers rely on to move information across the network and how access points handle devices that enter power-saving mode.

To achieve the attack, miscreants must forcibly disconnect the victim device before it properly connects to the network, spoof the MAC address of the device to connect to the network using the attackers credentials, then grab the response. The vulnerability exploits on-device power-save behavior within the Wi-Fi standard to force data to be shared in unencrypted form.

The researchers have published an open source tool calledMacStealerto test Wi-Fi networks for the vulnerability.

Cisco downplayed the report, saying information gained by the attacker would be of minimal value in a securely configured network."

The company does, however, recommend that network admins take action: To reduce the probability that the attacks that are outlined in the paper will succeed, Cisco recommends using policy enforcement mechanisms through a system like Cisco Identity Services Engine (ISE), which can restrict network access by implementing Cisco TrustSec or Software Defined Access (SDA) technologies.

"Cisco also recommends implementing transport layer security to encrypt data in transit whenever possible because it would render the acquired data unusable by the attacker, the company said.

The security researchers point out that denial-of-service attacks against Wi-Fi access points have been around forever, arguing that the 802.11 standard needs to be upgraded to meet new security threats. Altogether, our work highlights the need for the standard to consider queuing mechanisms under a changing security context,they wrote.

Apple recently extended its MAC Address Randomization feature across iPhones, iPads, Macs, and the Apple Watch. This additional layer of security helps mask devices by using randomly generated MAC addresses to connect to networks.

The MAC address is a device specific 12-character number that can reveal information concerning the device and is used as an intrinsic part of the Wi-Fi standard. The router will use this to ensure requested data goes to the correct machine, as without that address it would not recognize which machine to send information to.

As explained here, MAC Address Randomization helps mask the exact device on the network in a way that also makes data transmitted over that network a little more complex to decode. Security experts agree that, in a broad sense, it might help make the form of attack identified by the researchers a little harder to pull off. It isnt foolproof protection, in part because it can be disabled by network providers who might insist on an actual address for use of the service.

MAC Address Randomization is also not enforced when a device connects to a preferred wireless network, and if an attacker is able to identify the random address and connect it to the device they could still mount an attack.

Every step you take to protect your devices, particularly when using Wi-Fi hotspots, is becoming more essential, rather than less.

Watchguards latest Internet Security Report confirms that while there has been some decline in the frequency of network-based attacks, many Wi-Fi networks might be vulnerable to the exploit.The report also reveals that endpointransomware increaseda startling627%,whilemalware associated with phishing campaignscontinues to bea persistent threat.

A continuingand concerningtrend in ourdata andresearch showsthatencryption or, more accurately, the lack of decryption at the network perimeter is hiding the full picture ofmalwareattack trends,said Corey Nachreiner,chiefsecurityofficer at WatchGuard.It is critical for security professionals to enableHTTPS inspectionto ensure these threats areidentified and addressed before they can do damage.

Please follow me onMastodon, or join me in theAppleHolics bar & grillandAppleDiscussionsgroups on MeWe.

Follow this link:
Researchers warn of Wi-Fi security flaw affecting iOS, Android, Linux - Computerworld