posted by martyb on Wednesday June 09 2021, @05:53AM
from the wireless-infidelity dept.

New Vulnerabilities in Wi-Fi Security Revealed:

[Mathy] Vanhoef, who is affiliated with KU Leuven and New York University Abu Dhabi, found three vulnerabilities in the Wi-Fi security protocol. He also identified several programming errors in devices with Wi-Fi connections. For the study, he tested 75 devices, including smartphones, laptops, and smart devices. All devices that were tested were vulnerable to at least one of the discovered flaws.

The weaknesses found in the Wi-Fi security protocols are very difficult to exploit, which may explain why they remained under the radar for a long time: Vanhoef found them in the current WPA3 protocol, but also in all previous security protocols, dating back to 1997.

[...] The programming errors that Vanhoef found in Wi-Fi devices are especially problematic for smart appliances and computers that have not been updated in a long time because it is easier to abuse them in these cases.

[...] There is no immediate cause for concern. “It’s impossible to tell if these flaws have already been abused. It seems rather unlikely because they went unnoticed for so long.” Over the past nine months, Vanhoef worked closely with many major IT companies, including Google and Microsoft, to fix the weaknesses. This happened via the Wi-Fi Alliance, an association of IT companies that jointly own and control the Wi-Fi trademark. Yesterday, they launched the necessary updates to fix the flaws.

[...] Visit fragattacks.com for more information about the discovered weaknesses.

He has created a website, fragattacks.com, which goes into considerable detail outlining the various flaws that were discovered. There are also links to tools that he has made available, including a bootable live image. There is also a 6m30s video demonstration available on YouTube.

  • (Score: 2) by hopdevil on Wednesday June 09 2021, @06:20AM (1 child)

    by hopdevil (3356) on Wednesday June 09 2021, @06:20AM (#1143451)

    Seems like clickbait.

    • (Score: -1, Troll) by Anonymous Coward on Wednesday June 09 2021, @10:58AM

      by Anonymous Coward on Wednesday June 09 2021, @10:58AM (#1143482)

      Here's a simple checklist to help you decide.

      [X] posted by martyb

      ... yup, meets all the criteria.

  • (Score: 0) by Anonymous Coward on Wednesday June 09 2021, @06:52AM (2 children)

    by Anonymous Coward on Wednesday June 09 2021, @06:52AM (#1143453)

    this is the travesty of always-on connected devices, not like security and updates were not a thing before wifi.

    • (Score: 0) by Anonymous Coward on Wednesday June 09 2021, @09:48AM (1 child)

      by Anonymous Coward on Wednesday June 09 2021, @09:48AM (#1143472)

      I wonder, why is wifi secured/authenticated in the first place? In principle every system and communication on a (wireless) network should be secure. Let's say all wifi APs would be open and everyone could connect to them to get network/internet access.

      If the infrastructure of the network and the services would be completely separated that would mean the whole authentication/securing would be not needed.

      See it as a lake/sea with ports/harbours, yet with wifi there would be a large fence around that lake/sea.

      • (Score: 0) by Anonymous Coward on Wednesday June 09 2021, @12:51PM

        by Anonymous Coward on Wednesday June 09 2021, @12:51PM (#1143499)

        Wifi "security" is like a lock on a screen door. The only secure wireless network is one that's turned off.

  • (Score: 2) by Frosty Piss on Wednesday June 09 2021, @07:40AM

    by Frosty Piss (4971) on Wednesday June 09 2021, @07:40AM (#1143463)

    I’m shocked. Intertube connections through the air have vulnerabilities. I suppose now everyone will know what kind of pizza I order while watching sick perverted porn.

  • (Score: 2) by dltaylor on Wednesday June 09 2021, @08:39AM (13 children)

    by dltaylor (4693) on Wednesday June 09 2021, @08:39AM (#1143469)

    Many people, other than me, buy new phones often to get the "new, shiny". I don't allow wifi or a data connection on my phone, except in rare circumstances and never for very long (it's a phone). Wireless routers are often network-access vendors supplied, and hardly ever replaced. Personal devices are also rarely replaced, and software updates beyond a year are uncommon, which is why my home is all-wired. I do keep a device for guests, but nearly all of them have data plans, so, mostly, it gathers dust.

    When will a conscientious SOHO user know when these and other devices have minimized their vulnerabilities?

    • (Score: 0) by Anonymous Coward on Wednesday June 09 2021, @09:48AM

      by Anonymous Coward on Wednesday June 09 2021, @09:48AM (#1143471)

      You can check your CVE vendor statements. A collection is here: https://github.com/vanhoefm/fragattacks/blob/master/ADVISORIES.md [github.com]

    • (Score: 2) by RamiK on Wednesday June 09 2021, @10:30AM (10 children)

      by RamiK (1813) on Wednesday June 09 2021, @10:30AM (#1143477)

      When will a conscientious SOHO user know when these and other devices have minimized their vulnerabilities?

      When they Faraday cage their home.

      No, seriously: the baseband on your mobile is a privileged processor while the system OS is running on a VM, so turning off the data / WiFi simply tells the system OS to not process the data stream. The baseband OS keeps the connection and WiFi scanning on regardless. Otherwise, WiFi Scanning and VoLTE wouldn't work in Airplane Mode.

      So, fundamental protocol bugs are basically baseband backdoors. And if Intel's ME track record is any indication, there are a few explicit backdoors in there too.

      --
      compiling...
      • (Score: 1, Interesting) by Anonymous Coward on Wednesday June 09 2021, @02:35PM (6 children)

        by Anonymous Coward on Wednesday June 09 2021, @02:35PM (#1143527)

        Otherwise, WiFi Scanning and VoLTE wouldn't work in Airplane Mode.

        They don't.

        You have to manually turn on WiFi and then your WiFi will work. The LTE clearly will not. What you can have is VoWiFi but that has nothing to do with LTE.

        No seriously the baseband on your mobile is a privileged processor while the system OS is running on a VM

        No, seriously. You haven't heard of other processors than the CPU? There are processors in a NIC that will assist in offloading some of the work on it from the CPU. That doesn't mean that you have some weird-ass notion of a VM. The processors work on their own workloads. Like a chip on a SIM works on its workload and passes functionality to something else. But it doesn't mean one becomes somehow subservient to another.

        Get your ass out of the Bizarro world. Exploiting something doesn't mean

        there's a few explicit backdoors in there too.

        • (Score: 4, Interesting) by RamiK on Thursday June 10 2021, @03:07AM (5 children)

          by RamiK (1813) on Thursday June 10 2021, @03:07AM (#1143787)

          You have to manually turn on WiFi and then your WiFi will work.

          WiFi Scanning isn't connecting to a WiFi network. It's logging the SSIDs as they're declared over the open channel. It's done passively despite Airplane mode. Turning it off only turns off the stream from being processed by the system. However, the baseband (processor) still runs hot (confirmed on Qualcomm SoCs) looking at those SSIDs for something. The theory is that there's a switch statement in there looking for a specifically named SSID that allows backdoors just like how Intel's ME backdoor worked.

          The LTE clearly will not.

          VoLTE is a QoS (QCI 9) over LTE and works even if you turn off mobile data. That means the TCP packets are being processed by the baseband processor.

          https://en.wikipedia.org/wiki/QoS_Class_Identifier [wikipedia.org]

          Get your ass out of the Bizarro world...

          Welcome to Bizarro world: https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-guri.pdf [usenix.org]

          --
          compiling...
          • (Score: 2) by maxwell demon on Thursday June 10 2021, @09:16AM (4 children)

            by maxwell demon (1608) on Thursday June 10 2021, @09:16AM (#1143838) Journal

            Of course the whole point of airplane mode is the device not emitting radiation (which might interfere with airplane electronics). Passive scanning doesn't emit radiation, therefore there's no need to switch it off in airplane mode. And if passive scanning is done, it means that as soon as you go out of airplane mode, you'll immediately have a list of networks to connect to, without the need of waiting or actively sending out requests. Thus doing it makes sense outside of conspiracies.

            Now if you switch your phone off and it still scans for networks, that is when you should get suspicious.

            --
            The Tao of math: The numbers you can count are not the real numbers.
            • (Score: 0) by Anonymous Coward on Thursday June 10 2021, @10:39AM

              by Anonymous Coward on Thursday June 10 2021, @10:39AM (#1143843)

              I am afraid the GP has a little knowledge and filled in some of the rest with paranoia. The WiFi and other scanning is for WiPS, TTFF, and a myriad of other reasons that people who deal with this stuff should already know about. I could go on about other inaccuracies too, but I'll leave it there for brevity's sake.

            • (Score: 2) by TheGratefulNet on Thursday June 10 2021, @01:32PM (2 children)

              by TheGratefulNet (659) on Thursday June 10 2021, @01:32PM (#1143872)

              I'm not convinced about this.

              turning off the radio for wifi, entirely, does save power. not having to service any interrupts saves cpu.

              I don't believe that ssid scanning or any reception AT ALL happens when you turn on airplane mode.

              prove it. no handwaving, please. show specs or code (code, preferably).

              I am in the car industry and have worked on car gateways, which use all the rf types (wifi, lte, gps, ble) and when we told our radio to turn off lte or wifi, it truly did and if I tried doing an ssid scan, nothing would work since the subsystem was actually shut down. this was with ublox hardware, which is a major player in the field and I assume other vendors are similar.

              even linux; turn off your radio and try doing an ssid scan. it won't work. turning off radio REALLY DOES turn off the radio. you can see it with a current meter on the dc rails, as well.

              --
              "It is now safe to switch off your computer."
              • (Score: 2) by TheGratefulNet on Thursday June 10 2021, @01:35PM

                by TheGratefulNet (659) on Thursday June 10 2021, @01:35PM (#1143873)

                oh, and the reason I know all this is because, with cars, there's a major push to save battery power (vampire drain as it's often called).

                you are aggressive in how you put devices into sleep or lower power mode. if you CAN turn off wifi, you do it. if you CAN turn off some ethernet or CAN, you do it. every bit helps. a lot of car stuff these days is about how to get into and out of lower power modes, reliably (with networking and mixed OSes, it's actually quite hard).

                so, we constantly watched current drain as we updated our code, drivers and sleep strat.

                believe me, we don't spend time scanning for ssid if the radio is DOWN. talking to a dead person gives no replies and is a waste of time ;)

                --
                "It is now safe to switch off your computer."
              • (Score: 2) by RamiK on Thursday June 10 2021, @04:25PM

                by RamiK (1813) on Thursday June 10 2021, @04:25PM (#1143924)

                I don't believe that ssid scanning or any reception AT ALL happens when you turn on airplane mode.

                Read up on TSG22_R3_USE_12 (p.30): https://www.gsma.com/newsroom/wp-content/uploads/TS.22_v5.0.pdf [gsma.com]

                So the wifi is on even in airplane mode, and Passpoint authentication is performed automatically using the U/SIM credentials, thus identifying the phone and opening it up for any backdoors.

                For the mobile part there's only circumstantial evidence. e.g. The SIM7000 simcom doc (p.51) [simcom.ee] specifies 3 modes: Minimum functionality, Full functionality and Flight mode, with their associated separate AT serial codes. So, there's clearly a physical distinction between turning it off and entering flight mode. And that's an arduino shield module rather than a full baseband, so it doesn't even have the excuse of having to keep running...

                Regardless, just open up an old smartphone and multimeter the antenna against the common ground between modes and you'll see it doesn't power off.

                --
                compiling...
      • (Score: 0) by Anonymous Coward on Wednesday June 09 2021, @02:39PM (1 child)

        by Anonymous Coward on Wednesday June 09 2021, @02:39PM (#1143530)

        So, fundamental protocol bugs are basically baseband backdoors

        Also, not. Also, it's not good to namedrop random words,

        https://en.wikipedia.org/wiki/Baseband [wikipedia.org]

        Like name dropping, dropping random tech words doesn't make you smart.

      • (Score: 2) by TheGratefulNet on Thursday June 10 2021, @01:40PM

        by TheGratefulNet (659) on Thursday June 10 2021, @01:40PM (#1143875)

        sorry, again, this is just not true.

        what IS true is that you can't see the lower level chip internals and those run vendor proprietary code. I knew one guy who claimed he did know what went on in those chips, but I'm not even sure I believe him. and anyone who did know had to sign their life away on an NDA.

        regardless of what that lower level 'phy' chip does, as long as the os is not polling or accepting data from it, it's essentially shut down.

        and that's really all that matters. there is a strong line between the chip side and the os/firmware side.

        airplane mode is where the os says 'you can say anything you want, but my end is shut down, so please don't waste your time' (very very loosely put) ;)
        and more to the point, the hardware IS shut down since the goal is to save battery.

        --
        "It is now safe to switch off your computer."
    • (Score: 0) by Anonymous Coward on Wednesday June 09 2021, @02:42PM

      by Anonymous Coward on Wednesday June 09 2021, @02:42PM (#1143531)

      When will a conscientious SOHO user know when these and other devices have minimized their vulnerabilities?

      When you get firmware updates on a regular basis. But if you are conscientious about it, you should run a local VPN if you want access via WiFi. If you don't control the software on a device, you can't really trust it. And even if you do control it, then only trust it as far as you can throw it.