The ubiquitous Wi-Fi standard has at least three design flaws that allow a local attacker to intercept and exfiltrate wireless traffic, while additional implementation flaws enable more serious attacks for some wireless traffic, a well-known security researcher revealed this week.
The design flaws in the IEEE 802.11 standard — more commonly known as Wi-Fi — allow an attacker who has tricked a user into visiting an attacker-controlled server to create a TCP connection and create a machine-in-the-middle (MitM) scenario, stated Mathy Vanhoef, a post-doctoral researcher at New York University Abu Dhabi, in an in-depth analysis of the security weaknesses. In addition, several vulnerabilities in specific Wi-Fi implementations make the issue more serious, allowing an attacker to gain additional access.