
Your wireless network could be “leaking” data

Bad actors can grab your WiFi data by using a Kr00k attack.

Updated: Mar 30, 2023 8:54 am

There’s some ambiguity in the WiFi specification that leaves wireless network stacks in a wide variety of operating systems open to attacks, specifically attacks that can expose network traffic. Should you be worried that your wireless network could be leaking data?

The design flaw was revealed at the Real World Crypto Symposium in Tokyo, Japan this week. Crypto means cryptography, not cryptocurrency. Mathy Vanhoef, a professor at KU Leuven in Belgium, hosted the presentation, The Register reports.


Wireless networks are leaking data

Vanhoef describes this issue as a WiFi implementation flaw involving buffered frames. He explains that the Wi-Fi standard (IEEE 802.11) is not specific enough about how to handle buffered frames.

Attackers can then use a kr00k attack to access these buffered frames and in turn your network traffic. But what exactly is a buffered frame? And what’s so scary about accessing network traffic?

Buffered frames

In the context of network traffic, a buffered frame refers to a data packet that has been temporarily stored in a buffer before being transmitted over the network.

Network devices such as switches and routers often use buffers to manage the flow of network traffic. When a device receives data packets that exceed the capacity of its outbound port, it may temporarily store the excess packets in a buffer until the port becomes available to transmit them.

In this situation, the excess packets are said to be “buffered,” meaning that they are held in a buffer until they can be transmitted. Once the port becomes available, the buffered frames are sent out in the received order.

Network traffic

Network traffic refers to the amount of data that is transmitted over a network between two or more devices.

This data can take many forms, including web pages, emails, video streams, file transfers, and more. Network traffic can be transmitted over wired or wireless connections, and can occur on local area networks (LANs), wide area networks (WANs), or the internet.

Network traffic can be measured in several different ways, including the amount of data transmitted over a given time period (bandwidth), the number of data packets transmitted per second (packet rate), and the number of connections established per second (connection rate).

So as you can see, network traffic is basically whatever you’re doing on the internet, whether that’s writing an e-mail, watching a video, or playing a game. All of your activities on the web have to be inbound on your device and outbound to the web.


How are wireless networks leaking data?

The fact that wireless networks are leaking data is less to do with the networks themselves and more to do with how the network handles buffered WiFi frames, and the security context they fall under.

According to Vanhoef and his fellow researchers, the Wi-Fi specification fails to describe how to manage the security of buffered frames. This has implications for the security of devices connecting wirelessly over Linux, FreeBSD, iOS, and Android. However, there was no mention of Windows.

An attacker can exploit the flaw by sending a false Power-Save frame, which signifies that a client is about to enter sleep mode. After this, the attacker can send an Authentication or Association frame to reset the wireless connection.

This results in the access point deleting the client’s pairwise key. If the attacker sends a Wake-Up frame, the access point will start sending the buffered data without a defined security context, rather than discarding it. Consequently, various types of data frame leaks can occur, depending on the operating system used.

For instance, a successful attack may expose plain-text frame data or data that is protected only by an all-zero encryption key or a network group key. In other words, the attacker now has a direct tap into your network traffic and can see everything you’re doing online. This kind of attack is known as a man-in-the-middle (MIM) attack.

Vanhoef and co-authors Domien Schepers and Aanjhan Ranganathan, both from Northeastern University in the US, have detailed their findings in this PDF titled “Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues,” if you want to read much more into it yourself. The paper is also due to be presented at the Usenix Security Symposium later this year.
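The sequence described above can be followed in a toy model of an access point's per-client power-save queue. This is an added example, not code from the paper or from any real Wi-Fi stack: the class, method names and the `hardened` flag are hypothetical, and discarding buffered frames when the pairwise key is removed is an assumed fix based on the article's remark that the frames are sent "rather than discarding" them.

```python
# Toy model of an AP's per-client power-save queue (constructed for illustration;
# class, method and flag names are hypothetical, not from any real Wi-Fi stack).
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class AccessPoint:
    hardened: bool                        # False = behaviour the article describes
    pairwise_key: Optional[bytes] = None  # per-client key; None = no security context
    asleep: bool = False                  # AP's belief about the client's power state
    queue: List[bytes] = field(default_factory=list)
    air: List[Tuple[str, bytes]] = field(default_factory=list)  # what gets transmitted

    def send(self, payload: bytes) -> None:
        # Frames for a sleeping client are buffered unprotected; protection is
        # only chosen later, at transmit time.
        if self.asleep:
            self.queue.append(payload)
        else:
            self._transmit(payload)

    def _transmit(self, payload: bytes) -> None:
        if self.pairwise_key is not None:
            self.air.append(("pairwise", payload))
        elif not self.hardened:
            self.air.append(("plaintext", payload))  # leak: no key, sent anyway
        # hardened: a data frame with no security context is dropped

    def power_save(self) -> None:         # Power-Save frame received
        self.asleep = True

    def reassociate(self) -> None:        # Authentication/Association frame received
        self.pairwise_key = None          # AP deletes the client's pairwise key
        if self.hardened:
            self.queue.clear()            # assumed fix: discard frames tied to the old key

    def wake_up(self) -> None:            # Wake-Up frame received
        self.asleep = False
        while self.queue:
            self._transmit(self.queue.pop(0))


def replay(hardened: bool) -> List[Tuple[str, bytes]]:
    ap = AccessPoint(hardened=hardened, pairwise_key=b"k" * 16)  # constructed key
    ap.send(b"frame-1")                   # normal traffic, protected
    ap.power_save()
    ap.send(b"frame-2")                   # buffered while the client "sleeps"
    ap.reassociate()
    ap.wake_up()
    return ap.air
```

Calling `replay(False)` shows the buffered frame leaving the queue with no protection, while `replay(True)` shows only the frame that was sent under the pairwise key.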


Should you be worried about this WiFi vulnerability?

If you’re the average Joe, then no. If you own a big business with a large network infrastructure that holds very valuable data, then yes, maybe.

It’s important to note that this is a fairly local attack: the attacker will have to be in radio range of an access point, or ideally already part of the network.

So you, at home, gaming away, are probably at very little risk of a kr00k attack, but the risk is never zero. Let this serve as your daily reminder to always conduct good network security practices, no matter how insignificant something may seem.


Jack is a Tech and News Writer who has a vast and proficient knowledge of CPUs, Motherboards, and Computer technology.
