802.11w (Protected Management Frames)
CATEGORY : Security / Standards
PURPOSE / USE CASE : Understand PMF for protecting against deauthentication/disassociation attacks.
STEPS TO TEST : Read documentation, verify PMF settings on SSID, attempt disassociation attack (if safe)
802.11w – Protected Management Frames (PMF) is a Wi-Fi security standard that protects certain management frames from being spoofed or tampered with.
Protected Management Frames (802.11w) enhance Wi-Fi security by providing data integrity and confidentiality for management frames, protecting against various attacks.
Overview of 802.11w
IEEE 802.11w, also known as Protected Management Frames (PMF), is an amendment to the IEEE 802.11 standard aimed at increasing the security of wireless networks. It specifically addresses the protection of management frames, which are crucial for establishing and maintaining connections between devices in a Wi-Fi network. Prior to 802.11w, management frames were transmitted unprotected, making them vulnerable to various attacks, such as disassociation and de-authentication attacks.
What it protects:
Deauthentication frames
Disassociation frames
Why it’s important:
Prevents Wi-Fi disconnection attacks.
Protects against session hijacking via spoofed disconnects.
Improves reliability for real-time apps (VoIP, gaming, video calls).
Example in practice:
Without 802.11w → An attacker sends fake deauth packets to disconnect you from the AP.
With 802.11w → The AP and client verify the authenticity of the frame; the fake packet is ignored.