All routers are vulnerable, encryption the only protection

Sep 21, 2018 14:04 GMT

All Wi-Fi routers are vulnerable to an off-path TCP exploit that allows attackers to steal data transmitted over HTTP on a wireless connection by means of web cache poisoning, on the latest versions of all major operating systems (Windows, macOS, and Linux).

As discovered by Associate Professor Zhiyun Qian and doctoral student Weiteng Chen of UCR, the exploit takes advantage of the interaction between TCP and Wi-Fi, making it possible for crooks to steal login credentials and to inject tampered data.

There is no apparent fix for this issue at the moment given that it's based on the mechanisms used by the Wi-Fi and TCP protocols to exchange information.

To exploit this vulnerability, attackers intercept the communication between your router and your computer and send a malicious payload that looks exactly like the real thing when it reaches your web browser.

More precisely, if you visit a maliciously crafted web page and stay on it long enough (up to one or two minutes) for the crook to guess the sequence numbers of the TCP packets sent over the Wi-Fi connection, the attacker can inject a malicious copy of the login or checkout page you are trying to access.

This web cache poisoning attack also ensures that every time you try to log in or check out on the same website, you reach the maliciously crafted version the threat actor sent to your browser.

The Wi-Fi router vulnerability can also be exploited remotely

Furthermore, the vulnerability can be exploited remotely, and the malicious version of the web page designed to steal your information stays on your computer until you clear your browser's cache.

According to Qian and Chen, the only possible mitigation for this vulnerability would be to build new models of wireless routers which use different frequencies for transferring data.

Moreover, in a discussion with the committee that decides the direction of wireless technology development, the researchers learned that new technology featuring new Wi-Fi frequencies is at least five years away.

At the moment, the only way to make sure your data is safe when browsing the Internet over Wi-Fi is to use only websites that enforce HTTPS encryption (ideally with HSTS), or to connect to the Internet over Ethernet.

Even though the above measures can in theory safeguard your sensitive data while you browse the web, you also need to stay on an encrypted connection at all times.

However, this is not always the case, especially on websites that use SSL certificates to encrypt only the sign-in and checkout pages where visitors enter login or credit card data.
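As an added, defender-side example (not code from the article or from the researchers), the following Python checks the mitigation described above: given HTTP responses captured from a site (constructed inline here, for a site that encrypts only its sign-in page), it flags every page that is still delivered over plain HTTP, or over HTTPS without a long-lived Strict-Transport-Security policy, since those are the pages an off-path injection could poison in the browser cache. The one-year HSTS threshold and the sample hostname are assumptions.

```python
# Offline audit of "is everything served over HTTPS with HSTS?"
# Responses are (url, status, headers) tuples with lowercase header names.

ONE_YEAR = 365 * 24 * 3600  # assumed minimum HSTS max-age (preload-list value)


def parse_hsts(value):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains).

    Returns None when max-age is absent or malformed; browsers ignore such a policy.
    """
    max_age, include_sub = None, False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            arg = arg.strip().strip('"')
            if not arg.isdigit():
                return None
            max_age = int(arg)
        elif name == "includesubdomains":
            include_sub = True
    return None if max_age is None else (max_age, include_sub)


def classify(url, status, headers):
    """Classify one captured response by how exposed it is to cleartext injection."""
    if url.startswith("http://"):
        location = headers.get("location", "")
        if status in (301, 302, 307, 308) and location.startswith("https://"):
            return "redirect-to-https"   # bootstrap only; HSTS must take over afterwards
        return "plain-http"              # page content delivered in cleartext: poisonable
    policy = parse_hsts(headers.get("strict-transport-security", ""))
    if policy is None:
        return "https-no-hsts"           # next typed visit starts over http:// again
    if policy[0] < ONE_YEAR:
        return "https-short-hsts"
    return "https-hsts"


def exposed_pages(responses):
    """Return the URLs an off-path attacker could still target with cleartext injection."""
    bad = {"plain-http", "https-no-hsts", "https-short-hsts"}
    return [url for url, status, hdrs in responses if classify(url, status, hdrs) in bad]


# Constructed sample crawl of a shop that encrypts only its sign-in page.
SAMPLE = [
    ("http://shop.example/", 200, {"content-type": "text/html"}),
    ("http://shop.example/login", 301, {"location": "https://shop.example/login"}),
    ("https://shop.example/login", 200, {"content-type": "text/html"}),
    ("https://shop.example/account", 200,
     {"strict-transport-security": "max-age=31536000; includeSubDomains"}),
]

if __name__ == "__main__":
    for page in exposed_pages(SAMPLE):
        print("exposed:", page)
```

Only the account page passes: the storefront is cleartext and poisonable, and the HTTPS login page without HSTS is reached through an interceptable http:// request on every fresh visit.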

Figures: Off-Path TCP Exploit Threat Model; TCP Packet Receiving Basics.