Explore the vulnerabilities in Intel Wi-Fi chips and their firmware in this 28-minute Black Hat conference talk. Dive into the complex features implemented in Wi-Fi chip firmware, such as Wake-on-WLAN and Tunnel Direct Link Setup (TDLS). Learn about the reverse-engineering process used to investigate Intel Wi-Fi chip internals and discover how firmware loading can be exploited to gain arbitrary code execution. Examine the Paging Memory mechanism used for secure code storage in system memory and understand how read-anywhere vulnerabilities can be leveraged for code execution. Gain insights into the potential security risks associated with Wi-Fi drivers and chips, which have become prime targets for attackers as Wi-Fi has replaced Ethernet as the main network protocol on laptops.
Overview
Syllabus
Ghost in the Wireless, iwlwifi Edition
Taught by
Black Hat