Warning: Your wireless networks may leak data thanks to Wi-Fi spec ambiguity

Ambiguity in the Wi-Fi specification has left the wireless networking stacks in various operating systems vulnerable to several attacks that have the potential to expose network traffic.


The design oversight was described in a presentation this week at the 2023 Real World Crypto Symposium, in Tokyo, Japan, by Mathy Vanhoef, a professor at KU Leuven in Belgium. "Crypto" in this context stands for cryptography rather than notional currency.


Vanhoef and co-authors Domien Schepers and Aanjhan Ranganathan, both from Northeastern University in the US, describe their findings more fully in a paper [PDF] titled, "Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues." The paper is scheduled to be presented at the Usenix Security Symposium later this year.

In a video presentation, Vanhoef explains that the kr00k attack, revealed by ESET in 2019 and described as a Wi-Fi implementation flaw, is related to the attacks he and his colleagues developed. Having now identified several similar vulnerabilities, he argues that the Wi-Fi standard (IEEE 802.11) is not specific enough about how to handle buffered frames.

Wi-Fi frames contain various kinds of data related to network traffic and routing. They include a header, a body, and a trailer, and they help move data from one point to another.


Wi-Fi access points will queue frames associated with various