Skip to main content

Wi-Fi vulnerability could allow attackers to steal your data on unencrypted sites

Casezy/Getty Images

Computer scientists at the University of California, Riverside, have discovered a security flaw that affects all Wi-Fi routers. Hackers could exploit the weakness in the transmission control protocol (TCP) and perform a web cache poisoning attack to steal passwords, login information, and other private data. Unfortunately, a fix isn’t possible, as the vulnerability stems from a 20-year-old design based on TCP and Wi-Fi. To prevent hackers from using the exploit, researchers recommend that manufacturers build routers that operate on different frequencies for transmitting and receiving data.

Fortunately, this attack technique won’t work with encrypted sites that use HTTPS and HSTS. Users on Ethernet connections are similarly not affected. Given that the attack won’t work on encrypted sites, most users who browse the internet on a modern browser shouldn’t be affected. Many browsers, including Google’s Chrome, already warn users if they visit an unencrypted site.

TCP works by breaking down data into manageable chunks, called packets, for computers to communicate. The data packets begin with a random first number, but the subsequent numbers in the sequence will predictably increase, and hackers can guess the next number to intercept communication between the sending and receiving computers. Given that there are approximately 4 billion sequence numbers, it is difficult for hackers to make a correct guess.

“But if the attacker can figure out which number triggers a response from the recipient, they can figure out the rough range of the correct number and send a malicious payload pretending that it comes from the original sender,” the researchers wrote in a blog post detailing the attack. “When your computer reassembles the packets, you’ll see whatever the attacker wants.”

When the victim visits a website that’s controlled by the hacker — who can be connected remotely using a different Wi-Fi network — the site will run a JavaScript that creates a TCP connection to a banking website. The exploit will work if the victim stays on the site for as little as 1 minute. Hackers can display pirated movies, for example, in an attempt to lure the victim to stay on the site for longer. While the victim is on the site, the hacker can guess the sequence number for the banking packet and inject a malicious copy of the bank webpage into the victim’s cache to steal passwords and login information.

This web cache poisoning tactic ensures that the victim will always see the malicious site whenever they try to visit the banking website in the future, and the malicious copy of the site can sit in the browser cache for deacdes or until the victim clears the cache.

Editors' Recommendations

Chuong Nguyen
Silicon Valley-based technology reporter and Giants baseball fan who splits his time between Northern California and Southern…
This Wi-Fi security flaw could let drones track devices through walls
Professor Ali Abedi flying Wi-Peep standing against brick wall.

A research team from the University of Waterloo has attached a device to a drone that can use vulnerabilities in Wi-Fi networks to see through walls.

Imagine intruders being able to track people by the devices they have on them or find weak spots in their homes. This alarming possibility has been proven by a device called Wi-Peep, which is essentially $20 of easily-purchasable hardware, an off-the-shelf quadcopter, and the work of Dr. Ali Abedi and his team at the University of Waterloo.

Read more
Google Nest Wi-Fi Pro adds Wi-Fi 6E but loses compatibility
Google Nest Wi-Fi Pro in Lemongrass color rests on a shelf.

Google just released a new Wi-Fi router, the Nest Wi-Fi Pro, as part of its ongoing efforts to make it quicker and easier to watch videos on YouTube, do a Google search, or connect to your Nest smart home devices. Without reliable internet access, that Google-y goodness might not be available. It's also more eye-catching than earlier models and up to twice as fast but there are a few concerns with this new mesh router.

Nest Wi-Fi pro adds the latest wireless standard, Wi-Fi 6E, which has three bands instead of the usual two. That means the Nest Wi-Fi Pro can connect to older devices at 2.4 and 5 GHz, as well as newer technology using the latest 6GHz radio frequency band.

Read more
These new Eero PoE devices are for serious Wi-Fi setups only
The Eero PoE 6 with the price listed.

At the annual Amazon hardware event, router company Eero has announced two new devices for serious connectivity: the Eero PoE 6 and Eero PoE Gateway. These are not for your average Wi-Fi setup.

PoE, or power over ethernet, is a way of bringing wireless connectivity to wired infrastructures, especially made for professional installers and businesses. The Eero PoE 6 is a dual-band Wi-Fi 6 access point that covers up to 2,000 square feet of space with connectivity, including connections for more than 100 devices. Eero says it can go "almost anywhere ethernet cable can be pulled," including being mounted flush to surfaces like walls or ceilings.

Read more