With the increasing number of internet access devices, the application and research of the Internet of Things (IoT) have become popular day by day. As an IoT infrastructure, Wi-Fi networks play a significant role in providing quick and easy communication services for IoT devices. Furthermore, Wi-Fi Mesh has advantages in self-organization, self-management, and self-healing as a new networking technology, improving flexibility and reliability compared to the traditional network.
In this session, we will start with the EasyMesh designed and certified by Wi-Fi Alliance. Then, we will pay attention to the security issues in the implementation of Wi-Fi Mesh. In detail, we will focus on the attack surfaces in network build and network control and share attack ideas for different Wi-Fi Mesh roles.
In the research progress, we will summarize the types of memory corruption caused by the parse of Type-Length-Value (TLV) and design an automatic fuzzing tool called MeshFuzzer. We will share the design of MeshFuzzer and the difficulties in implementation. Furthermore, we will introduce how we cover all roles and stages in Wi-Fi Mesh.
In practice, we evaluate our tools in MT7915 Wi-Fi chipset, the world’s first single-chip ‘Wi-Fi six Wave one plus’ and ‘Bluetooth five’ combo solution which supports Easy Mesh well. MeshFuzzer has found several memory corruption vulnerabilities and got 19 CVEs. We will introduce some of the typical vulnerabilities in network build and network control.
Finally, we will put forward safety recommendations and the research direction in the future.