WIFI-Important Remote Attack Surface: Threat is Expanding

Presented at Black Hat Asia 2020 Virtual, Oct. 1, 2020, 1:30 p.m. (30 minutes).

Wi-Fi technology is one of the most important infrastructures of today. A large number of devices, such as cellphones, laptops, IoT devices, cars, and smart-city infrastructure, depend heavily on Wi-Fi. As a consequence, Wi-Fi has become one of the most popular attack surfaces of modern information systems.

In this talk, we focus on the vulnerabilities of Wi-Fi drivers before password authentication, as well as the security issues caused by these Wi-Fi layer vulnerabilities. We would like to share our experience in finding memory corruption vulnerabilities in Wi-Fi drivers, and how we successfully automated the vulnerability discovery process. These memory corruption bugs in Wi-Fi drivers always directly lead to immediate DoS, and significantly affect the target system. We found that these memory corruption vulnerabilities follow some patterns, and we constructed a fuzzing tool to automatically find memory corruption bugs according to these patterns. This tool successfully found a number of memory corruption vulnerabilities in many well-adopted Wi-Fi adapter drivers, including Realtek USB/PCI-E Wi-Fi drivers, the Pixel 3 Wi-Fi driver, and Intel PCI-E Wi-Fi adapter drivers. All of these vulnerabilities are remotely triggered without password authentication. We strongly believe that the fuzzing methodology and the tool are very effective, and we want to bring them to Black Hat.


Presenters:

  • Haikuo Xie - Security Researcher, Huawei Singularity Security Lab
    Haikuo Xie is a security researcher at Huawei Singularity Security Lab. He focuses on IoT security and vulnerability discovery and specializes in malware analysis, reverse engineering and fuzzing. He has found some Windows kernel vulnerabilities and now researches the vulnerabilities of PDF. He also found some very influential vulnerabilities in smart devices.
  • Ying Wang - Security Researcher, Baidu Security
    Ying Wang is a security researcher at Baidu Security Lab X-Team. She focuses on automated vulnerability detection technology, such as dynamic symbolic execution and fuzzing. She now works on mutational fuzzing of the Wi-Fi protocol.
  • Ye Zhang - Security Researcher, Baidu
    Ye Zhang is a security researcher of Baidu Security Lab X-Team. He's good at reverse engineering and malware analysis and now he focuses on finding IoT vulnerabilities.
