As if the need for end-to-end encryption wasn’t already big enough, security researchers have found a flaw in several versions of the Wi-Fi standard that makes unencrypted connections such as HTTP even more insecure, reports Bleeping Computer.

The security flaw lies in the power-saving features of the protocol, which allow a device on a Wi-Fi network to go to sleep and tell the base station that it is doing so. The base station must then queue up all data packets destined for the device while waiting for it to wake up again. The idea is clever: by being awake for only a fraction of the time and handling all the packets during that period, devices can save a lot of power, and since the sleep periods last only milliseconds, the user doesn’t notice anything.

The problem is that the protocol has no security controls around these queued data packets, and researchers have found ways to trick a base station both into sending them traffic intended for another device and into injecting data into existing traffic flows.

The result is that it becomes possible, for example, to inject malicious JavaScript code when a user downloads a web page over an unencrypted HTTP connection. Encrypted connections are not affected.

The security flaw has been confirmed in base stations and routers from Cisco, Asus and D-Link, among others. Cisco has confirmed the discovery but writes that the attack poses a minimal risk on securely configured networks, and recommends that all customers use TLS (HTTPS) whenever possible.
