Explore the vulnerabilities in Intel Wi-Fi chips and their firmware in this 28-minute Black Hat conference talk. Dive into the complex features implemented in Wi-Fi chip firmware, such as Wake-on-WLAN and Tunnel Direct Link Setup (TDLS). Learn about the reverse-engineering process used to investigate Intel Wi-Fi chip internals and discover how firmware loading can be exploited to gain arbitrary code execution. Examine the Paging Memory mechanism used for secure code storage in system memory and understand how read-anywhere vulnerabilities can be leveraged for code execution. Gain insights into the potential security risks associated with Wi-Fi drivers and chips, which have become prime targets for attackers as Wi-Fi has replaced Ethernet as the main network protocol on laptops.
Overview
Syllabus
Ghost in the Wireless, iwlwifi Edition
Taught by
Black Hat
Related Courses
-
All Wireless Communication Stacks Are Equally Broken
-
Exploiting Qualcomm WLAN and Modem Over The Air
-
Kr00k - Serious Vulnerability Affected Encryption of Billion+ Wi-Fi Devices
-
Spectra - Breaking Separation Between Wireless Chips
-
Sweet Dreams - Abusing Sleep Mode to Break Wi-Fi Encryption and Disrupt WPA2/3 Networks
-
WIFI - Important Remote Attack Surface - Threat is Expanding
