Apr 1, 2023
Allows side-channel attacks
WiFi devices like your cellphone, tablet, and smart doorbell use the IEEE 802.11 WiFi standard. The standard includes mechanisms to help conserve power when your devices are sleeping, but this feature can also enable network hijacking.
This is Katy Craig in San Diego, California.
Power-saving mechanisms in the 802.11 protocol allow the buffering or queuing of frames destined for sleeping devices. That means your messages stack up while your cellphone is asleep rather than pinging it to death and draining your battery. Once the device wakes up, the access point dequeues the buffered frames, applies encryption, and transmits them to the destination. And this is where the bad guys come in.
Attackers can take advantage of this by spoofing the MAC address of a device on the network and sending power-saving frames to access points. This forces the access points to start queuing frames destined for the target, and the attacker can transmit a wake-up frame to retrieve the frame stack. The attacker can also change the security context of the frames, which forces the access point to send the frames in plaintext or encrypt them with a key that the attacker gives it.
The best defense against this is to use transport layer security and end-to-end encryption. Messaging apps like iMessage and Signal do this natively, so stick with one you’re comfortable with.
This is Katy Craig. Stay safe out there.