WiFi 7 Warning: Multi-Link Operation (MLO) Creates New Security Risks
WiFi 7, the latest generation of wireless networking, promises breathtaking speeds and far greater stability — yet it also brings an unfamiliar set of technical subtleties. Home routers are shifting to triple-band configurations, and even minor misconfigurations can expose one of the radio lanes to unauthorized access. Thus, the transition to WiFi 7 demands not only new hardware, but also meticulous management of every active frequency band.
WiFi 7 can reach a theoretical throughput of 23 Gbps — enough to transfer an entire DVD image in mere seconds. Such performance is achieved through the aggregation of the 2.4, 5, and 6 GHz bands using a mechanism known as Multi-link Operation (MLO).
Previously, devices could rely on only one band at a time; now, routers and compatible clients can distribute traffic across multiple radio channels or switch between them seamlessly. Legacy devices remain compatible, though they cannot leverage the full capabilities of the standard. The Bitdefender team notes that the simultaneous use of several frequencies inevitably increases the number of points where poor configuration can undermine the security of a home network.
Although devices supporting 320 MHz-wide channels and denser modulation schemes are already on the market, the full feature set is not universally available: the 6 GHz band is authorized only in certain countries, and within the EU debates continue between mobile operators and hardware vendors regarding its allocation. The new standard is built around WPA3, yet countless older devices still support only previous protocols, forcing routers to enable backward-compatibility modes and complicating configuration.
Bitdefender emphasizes that transmitting data across several channels at once expands the array of parameters that must remain synchronized. Each band has its own frequencies, power levels, channel-selection rules, and access tables, and misaligned control settings can turn a network into an ideal target for attackers. Risks also arise when devices attempt to connect to rogue access points masquerading as one of the legitimate bands. Moreover, the very behavior of mechanisms that rebalance load across radio channels can inadvertently reveal information about a household’s usage patterns, even in the absence of explicit vulnerabilities.
To mitigate these risks, Bitdefender advises enabling WPA3-SAE and management-frame protection across all active bands. This automatically excludes devices incapable of using modern security algorithms. It is also important to maintain a unified SSID policy and disable band-steering for segments intended for IoT or smart-home equipment.
Administrators should further monitor band-switching parameters, lock channel widths, account for the unique spectrum characteristics of each band, and, when necessary, verify the smoothness of transitions under load. Regularly rotating access keys, updating firmware, and avoiding exposed management interfaces are equally vital.
Finally, Bitdefender recommends several self-checks: attempt to connect a device that uses outdated security protocols and ensure that access is denied, and saturate one of the bands to observe how the router redistributes traffic across the remaining frequencies without compromising security.
Support Our Threat Intelligence
If you find our technology report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
