Apple’s move to implement MAC Address Randomization across all of its devices may offer some protection against a newly-identified Wi-Fi weakness that might allow attackers to hijack network traffic, according to researchers. Android, iOS, and Linux devices may be susceptible.
The issue is how the standard addresses energy conservation
Researchers have discovered a design fault in the IEEE 802.11 Wi-Fi standard that might be exploited by attackers to deceive access points (Wi-Fi base stations) into leaking information. The researchers do not assert that the vulnerability is being actively exploited, but they do caution that it may permit the interception of network communications.
The attack leverages a flaw in the data containers (network frames) on which routers rely to transmit data over the network and in the way that access points manage devices that enter power-saving mode.
Miscreants must forcibly disconnect the victim device before it connects to the network, spoof the victim device’s MAC address to connect to the network using the attacker’s credentials, and then capture the response. The vulnerability uses the Wi-Fi standard’s power-saving feature to compel data to be exchanged in an unencrypted format.
The researchers have released the MacStealer open-source program to test Wi-Fi networks for vulnerability.
Cisco dismissed the allegations, stating that “knowledge collected by an attacker in a securely constructed network would be of negligible use.”
Cisco does recommend that network administrators take action: “To reduce the likelihood that the attacks described in the paper will be successful, Cisco recommends using policy enforcement mechanisms through a system like Cisco Identity Services Engine (ISE), which can restrict network access by implementing Cisco TrustSec or Software-Defined Access (SDA) technologies.”
“Cisco also recommends adding transport layer security to encrypt data in transit wherever feasible, since this would render the attacker’s collected data useless,” the firm stated.
Security experts note that denial-of-service attacks against Wi-Fi access points have existed for eons, saying that the 802.11 standards must be revised to accommodate new security threats. “Overall, our research demonstrates the necessity for the standard to incorporate queuing techniques in an evolving security setting,” they stated.
Randomizing MAC Addresses
Apple has lately extended its MAC Address Randomization capability to the Apple Watch, in addition to iPhones, iPads, Macs, and Apple computers. This additional layer of protection helps to conceal devices by employing randomly generated MAC addresses for network connectivity.
The MAC address is a 12-character device-specific identifier that can provide information about the device and is an integral feature of the Wi-Fi standard. Without this address, the router would not be able to determine which computer to transmit data to, and so would not be able to send data to the proper machine.
MAC Address Randomization helps conceal the precise device on a network by making data transferred over that network more difficult to decipher. Experts in information security concur that it might make the type of attack discovered by the researchers somewhat more difficult to execute. It is not failsafe protection, in part because network providers might stop it by requiring a real address for service use.
MAC Address Randomization is also not enforced when a device connects to a preferred wireless network, and an attacker might still launch an attack if they can identify the random address and attach it to the device.
Every precaution you take to safeguard your devices, especially while accessing Wi-Fi hotspots, is becoming more important, not less so.
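The attack described earlier has the attacker join under the victim's MAC address with the attacker's own credentials, so on a network that authenticates each user, the same MAC appears under two identities in quick succession. The following added example (not from the researchers or any vendor) flags that pattern and notes whether the address is a randomized one; the log layout, sample records, five-minute window and function names are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample: "timestamp client-MAC authenticated-identity" per line.
# The layout is an assumption for this example, not a real RADIUS log format.
SAMPLE_LOG = """\
2023-04-01T09:00:05 00-00-5E-00-53-01 alice
2023-04-01T09:00:40 00:00:5e:00:53:01 mallory
2023-04-01T09:02:10 5E:1B:0C:AA:BB:CC bob
2023-04-01T09:30:00 5e1b.0caa.bbcc bob
2023-04-01T11:15:00 5E:1B:0C:AA:BB:CC carol
"""

def normalize_mac(raw):
    """Reduce colon, dash or dot notation to 12 lowercase hex characters."""
    digits = raw.lower().translate(str.maketrans("", "", ":-."))
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return digits

def is_locally_administered(mac):
    """True when the locally-administered bit (0x02 of the first octet) is set,
    which is how randomized (private) addresses are marked."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)

def find_identity_changes(log_text, window=timedelta(minutes=5)):
    """Flag a MAC that authenticates under a different identity within `window`
    of its previous authentication."""
    last_seen = {}  # mac -> (time, identity)
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, raw_mac, identity = line.split()
        when, mac = datetime.fromisoformat(stamp), normalize_mac(raw_mac)
        previous = last_seen.get(mac)
        if previous and previous[1] != identity and when - previous[0] <= window:
            alerts.append({"mac": mac, "was": previous[1], "now": identity,
                           "gap_s": int((when - previous[0]).total_seconds()),
                           "randomized": is_locally_administered(mac)})
        last_seen[mac] = (when, identity)
    return alerts

if __name__ == "__main__":
    for alert in find_identity_changes(SAMPLE_LOG):
        print(alert)
```

In the sample, only the alice-to-mallory switch 35 seconds apart is flagged; the later identity change on the randomized address falls outside the window and is treated as ordinary reuse.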
Keeping an Eye on the Guards
The most recent Internet Security Report from WatchGuard shows that while the incidence of network-based assaults has decreased, many Wi-Fi networks may be exposed to the vulnerability. The research also finds that endpoint ransomware surged by a shocking 627 percent, while phishing-related malware remains a persistent danger.
According to WatchGuard’s chief security officer, Corey Nachreiner, encryption — or, more precisely, the absence of decryption at the network perimeter — is concealing the complete picture of malware attack patterns. “Security experts must enable HTTPS inspection to ensure that these risks are recognized and mitigated prior to causing damage.”