"With ICMP Magic, You Can Snoop on Vulnerable HiSilicon, Qualcomm-Powered Wi-Fi"

Malicious actors can exploit a vulnerability identified in at least 55 Wi-Fi router models to eavesdrop on victims' data sent over wireless networks. Researchers from China and the US have detailed the security flaw in the Network Processing Units (NPUs) of Qualcomm and HiSilicon chips at the core of various wireless Access Points (APs). The flaw, tracked as CVE-2022-25667, prevents devices from blocking forged Internet Control Message Protocol (ICMP) messages, which can be exploited to hijack and monitor a victim's wireless connection. The ICMP network layer protocol can be abused to bypass Wi-Fi Protected Access (WPA) security in order to intercept and read a victim's wireless network traffic.

WPA, including WPA2 and WPA3, is supposed to secure each device on a wireless network from eavesdropping. The researchers devised an attack that can defeat that security layer, allowing one device on a Wi-Fi network to intercept and eavesdrop on the traffic of another. Their paper, titled "Man-in-the-Middle Attacks without Rogue AP: When WPAs Meet ICMP Redirects," describes the technique. This article continues to discuss the research on the vulnerability found in the NPUs of AP routers, which prevents the routers from blocking fake ICMP error messages passing through them.

The Register reports "With ICMP Magic, You Can Snoop on Vulnerable HiSilicon, Qualcomm-Powered Wi-Fi"

Submitted by Anonymous on