Fun with 802.11 Device Drivers

Presented at DEF CON 14 (2006), Aug. 5, 2006, 3 p.m. (50 minutes)

The 802.11 link-layer wireless protocol is widely known for its design flaws. Unauthenticated management packets, a ridiculous attempt at providing link layer confidentiality and authentication (WEP), and general vendor stupidity have all contributed to 802.11 being the most sensationalized protocol ever mentioned in the media. All of the above topics have been beaten to death. Instead this talk explores new advances not in design problems in 802.11, but in implementation issues. The two major advances in 802.11 security will be covered, device driver vulnerabilities and link layer fingerprinting techniques. 802.11 fingerprinting represents the first time that a link-layer protocol has been vulnerable to finger-printing attacks. These attacks can provide useful information to the attacker, allowing him to accurately target the latest weapon in any wireless hackers arsenal: 802.11 device driver exploits.

Presenters:

• Johnny Cache
  Johnny Cache is responsible for many wireless hacking tools. These include jc-wepcrack (a distributed wep-cracker) jc-aircrack (a complete aircrack re-write in C++), and also helped h1kari create pico-wepcrack (a FPGA accelerated WEP brute forcer). Cache is currently pursuing his Master's degree in computer security. He is also co-author of "Hacking Exposed Wireless". His latest accomplishments can be found in Airbase, available at www.802.11mercenary.net

Links:

• https://defcon.org/html/defcon-14/dc-14-speakers.html#Cache
• https://infocon.org/cons/DEF CON/DEF CON 14/DEF CON 14 video/DEF CON 14 - Johnny Cache - Fun with Device Drivers - Video.mp4
• https://www.youtube.com/watch?v=FCu8rnQVU5M

Similar Presentations:

• THOTCON 0x9 (2018) / 5Ghz Electronic Warfare
• DeepSec 2016 „Ten“ / 802.11 Complexity. An Introduction to 802.11 Protocol Chaos
• DEF CON 11 (2003) / Abusing 802.11