Researchers warn of Wi-Fi security flaw affecting iOS, Android and Linux


Apple's decision to support MAC address randomization on its platforms may provide some degree of protection against a recently identified Wi-Fi flaw that, the researchers say, could allow attackers to hijack network traffic. iOS, Linux, and Android devices may be vulnerable.

The problem is how the standard handles energy savings

Researchers have identified a fundamental flaw in the design of the IEEE 802.11 Wi-Fi standard that attackers could exploit to trick access points (Wi-Fi base stations) into leaking information. The researchers do not claim that the vulnerability is being actively exploited, but warn that it could allow the interception of network traffic.

The attack exploits an inherent vulnerability in the data containers (network frames) that routers rely on to move information across the network, and in how access points handle devices that go into power-saving mode.

To carry out the attack, the criminals must forcibly disconnect the victim's device before it successfully connects to the network, spoof the device's MAC address to connect to the network using the attacker's credentials, and then enter the password. The vulnerability exploits power-saving behavior on the device as part of the Wi-Fi standard to force unencrypted data exchange.
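From the defender's side, the sequence described above leaves a trace: one client MAC address authenticating under a different identity shortly after a disconnect. The sketch below is an added example, not code from the researchers or from MacStealer; the log format, field order and the names `SAMPLE_LOG`, `normalize_mac` and `find_identity_switches` are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events (hypothetical format): ISO time, event, client MAC, identity
SAMPLE_LOG = """\
2023-04-03T09:00:01 AUTH_OK 3C:22:FB:10:20:30 alice
2023-04-03T09:05:10 AUTH_OK a4-83-e7-aa-bb-cc bob
2023-04-03T09:14:58 DISCONNECT 3C:22:FB:10:20:30 alice
2023-04-03T09:15:02 AUTH_OK 3c22.fb10.2030 mallory
2023-04-03T11:30:00 AUTH_OK A4:83:E7:AA:BB:CC bob
"""

def normalize_mac(raw):
    """Reduce any common MAC notation to 12 lowercase hex characters."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return digits

def find_identity_switches(log_text, window=timedelta(minutes=5)):
    """Return (mac, previous_identity, new_identity, time) for each successful
    authentication where a MAC shows up under a different identity than the
    one it used within `window`."""
    last_seen = {}  # mac -> (identity, time of last event for that MAC)
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, event, raw_mac, identity = line.split()
        when = datetime.fromisoformat(stamp)
        mac = normalize_mac(raw_mac)
        prev = last_seen.get(mac)
        if (event == "AUTH_OK" and prev and prev[0] != identity
                and when - prev[1] <= window):
            alerts.append((mac, prev[0], identity, when))
        last_seen[mac] = (identity, when)
    return alerts

if __name__ == "__main__":
    for mac, old, new, when in find_identity_switches(SAMPLE_LOG):
        print(f"{when.isoformat()} {mac}: identity changed {old} -> {new}")
```

An identity switch on one MAC can be legitimate (a shared device, for instance), so treat a hit as a triage signal rather than proof of spoofing.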

The researchers released an open source tool called MacStealer to test the vulnerability of Wi-Fi networks.

Cisco downplayed the report, saying that "information obtained by the attacker would be of minimal value in a securely configured network."

However, the company recommends that network administrators take action: "To reduce the likelihood that the attacks described in the document will succeed, Cisco recommends using policy enforcement mechanisms through a system such as the Cisco Identity Services Engine (ISE), which can restrict network access by implementing Cisco TrustSec or Software Defined Access (SDA) technologies."

"Cisco also recommends implementing transport layer security to encrypt data in transit whenever possible, as this would render the acquired data unusable by the attacker," the company said.

Security researchers point out that denial-of-service attacks against Wi-Fi access points have been around forever, arguing that the 802.11 standard needs to be updated to address new security threats. "Overall, our work highlights the need for the standard to consider queuing mechanisms in a changing security context," they wrote.

MAC address randomization

Apple recently extended its MAC address randomization feature to iPhones, iPads, Macs, and Apple Watches. This added layer of security helps hide devices that use randomly generated MAC addresses to connect to networks.

The MAC address is a device-specific 12-character number that can reveal information about the device and is used as part of the Wi-Fi standard. The router will use it to ensure that the requested data reaches the correct machine, because without this address, it would not recognize which machine to send the information to.

Randomizing MAC addresses helps hide the exact device on the network in a way that also makes data transmitted over that network a bit more complex to decode. Security experts agree that, in a broad sense, this could help make the form of attack identified by the researchers a bit more difficult to pull off. It's not foolproof protection, partly because network providers can turn it off and may require a real address to use the service.

MAC address randomization also does not apply when a device connects to a preferred wireless network, and if an attacker can identify the random address and connect it to the device, they can still mount an attack.

Every step you take to protect your devices, especially when using Wi-Fi hotspots, becomes more essential instead of less.

Watch the guards

WatchGuard's latest internet security report confirms that while there has been a decrease in the frequency of network-based attacks, many Wi-Fi networks could be vulnerable to exploitation. The report also reveals that endpoint ransomware has increased by 627%, while malware associated with phishing campaigns remains a persistent threat.

"A continuing and concerning trend in our data and research shows that encryption, or, more accurately, lack of decryption at the network perimeter, obscures the full picture of malware attack trends," said Corey Nachreiner, director of security at WatchGuard. "It is critical that security professionals enable HTTPS inspection to ensure these threats are identified and addressed before they can do any harm."


Copyright © 2023 IDG Communications, Inc.