How to BREAK MU-MIMO Precoding in IEEE 802.11 Wi-Fi Networks
Cominelli, Marco;
2025-01-01
Abstract
This work reveals a critical vulnerability of the Wi-Fi standard that, if unaddressed, might lead to serious security issues and compromise the performance of several billions of Wi-Fi devices. Specifically, this paper introduces and validates with commercial off-the-shelf Wi-Fi devices a new Beamforming Report Eavesdropping Attack (BREAK), which leverages the MU-MIMO channel estimation procedure used by Wi-Fi to decrease the throughput of the entire network without being detected. Through rigorous mathematical optimization, we compute the poisoned feedback that a BREAK adversary needs to send to the access point to reduce the throughput of legitimate users. Through extensive experimental evaluation with commercial Wi-Fi routers and smartphones in multiple network configurations, we show that through BREAK, an adversary may decrease the throughput at legitimate stations by 65 % by modifying only about 17 % of its feedback without being detected. For replicability, we shared the code implementing the attack together with the modified firmware to be used at the adversary node. A video demonstration of BREAK is also available at https://youtu.be/SeVt0PWZZ8o.

| File | Size | Format | |
|---|---|---|---|
| How_to_BREAK_MU-MIMO_Precoding_in_IEEE_802.11_Wi-Fi_Networks.pdf (Restricted access; Publisher’s version) | 1.63 MB | Adobe PDF | View/Open |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.


