WiFi, which uses unprotected air as a medium, faces unique challenges in ensuring the security and availability of communication. Throughout the development process of WiFi protocol, it is also the evolution process of WiFi security protocol. Even with the popularization of WIFI6 and WPA3, there are still many flaws in the security of WiFi protocol and its implementation.
Owfuzz is a WiFi fuzzing tool. It can perform fuzzing tests to any WiFi device, including client and AP. Over the past few months, I've used owfuzz to fuzz WiFi chips of different vendors and found many WiFi vulnerabilities, the affected vendors include Qualcomm, Intel, Espressif, Broadcom, Huawei and others. These vulnerabilities include both design and implementation flaws, some even affect multiple vendors at the same time.
WiFi vulnerabilities can cause remote zero-click attacks, and will affect a large number of users. Therefore, chip vendors need to pay more attention to the security and robustness of WiFi. This talk will cover the practice and thinking about owfuzz and the vulnerabilities discovered by owfuzz.