Explore the detection and exploitation of logical flaws in Wi-Fi cryptographic handshake implementations in this 44-minute Black Hat conference talk by Mathy Vanhoef. Delve into the security aspects of the Wi-Fi handshake, learn about model-based testing approaches, and examine specific vulnerabilities such as missing downgrade checks and targeted denial-of-service attacks. Gain insights into frame layouts, test generation rules, and real-world examples involving Windows 7, Broadcom, and OpenBSD. Understand the importance of identifying logical vulnerabilities beyond common programming errors in Wi-Fi security.
WiFuzz - Detecting and Exploiting Logical Flaws in the Wi-Fi Cryptographic Handshake
Overview
Syllabus
Intro
How secure is the Wi-Fi handshake?
Background: the Wi-Fi handshake
Wi-Fi handshake simplified
Frame Layouts
How to test implementations?
Modelbased testing our approach
Test generation rules
Missing downgrade checks
Windows 7 targeted Dos
Broadcom downgrade
OpenBSD: client man-in-the-middle
Taught by
Black Hat
Related Courses
-
Sweet Dreams - Abusing Sleep Mode to Break Wi-Fi Encryption and Disrupt WPA2/3 Networks
-
Dragonblood - Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd
-
Securely Implementing Network Protocols - Detecting and Preventing Logical Flaws
-
Wi-Fi Direct to Hell - Attacking Wi-Fi Direct Protocol Implementations
