Sign In

Communications of the ACM

ACM TechNews

New Security Flaw Discovered in Wi-Fi Routers

View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
All modern routers incorporate the flaw.

Researchers at the University of California, Riverside found an irreparable flaw that resides in all modern Wi-Fi routers.


University of California, Riverside researchers have found an irreparable flaw in all modern Wi-Fi routers.

Researchers Zhiyun Qian and Weiteng Chen say the vulnerability exploits the interaction of transmission control protocol (TCP) and Wi-Fi, taking advantage of a fundamental Wi-Fi design decision that is extremely difficult to change.

TCP divides information into sections that can be transmitted between computers over the Internet, with each packet receiving a number within a sequence unique to a specific communication. The first number of the initial sequence is random, but the ensuing numbers rise predictably so the receiving computer can arrange them correctly.

To intercept this communication, an attacker must pretend to be the sender and guess the next number in the sequence.

Because wireless routers can only transmit data in one direction at a time, there is a time gap between a request and a response, giving the attacker an opportunity to guess the sequence and hijack the communication.

The attacker can then insert a different copy of the webpage into the browser cache using a tactic known as web cache poisoning.

The flaw can be exploited to spread fake news, steal sensitive data, carry out espionage, and interfere with critical activities managed via wireless Internet.

To fix the flaw, routers would need to be redesigned to operate on different frequencies for transmitting and receiving data.

From University of California, Riverside
View Full Article


Abstracts Copyright © 2018 Information Inc., Bethesda, Maryland, USA


No entries found