Presented at DEF CON 14 (2006)
Aug. 5, 2006, 3 p.m.
The 802.11 link-layer wireless protocol is widely known for its design flaws. Unauthenticated management frames, a ridiculous attempt at providing link-layer confidentiality and authentication (WEP), and general vendor stupidity have all contributed to 802.11 being the most sensationalized protocol ever mentioned in the media.
All of the above topics have been beaten to death. Instead, this talk explores new advances not in 802.11 design problems but in implementation issues. Two major advances in 802.11 security will be covered: device driver vulnerabilities and link-layer fingerprinting techniques. 802.11 fingerprinting represents the first time that a link-layer protocol has been shown to be vulnerable to fingerprinting attacks. These attacks can tell the attacker which implementation is on the other end of the link, allowing him to accurately target the latest weapon in any wireless hacker's arsenal: 802.11 device driver exploits.
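To make the fingerprinting idea concrete, here is an added example of passive 802.11 management-frame fingerprinting. It is not code from the talk, from Airbase, or from the author; it parses the 802.11 MAC header and the tagged information elements (IEs) of a captured management frame and reduces the frame to features that depend on the sending implementation rather than on the protocol: which IEs a station sends and in what order, the rate set it advertises, and the value its driver wrote into the Duration field. Which of those features the talk itself relies on is not stated on this page, so the feature choice is an assumption of the example, the profile names (driver-A, driver-B) are hypothetical, and the two sample probe requests are constructed inline rather than captured.

```python
"""Passive 802.11 management-frame fingerprinting (added example, not from the
talk or Airbase). Frames are assumed to have radiotap/PHY headers stripped.
The profile table and sample frames are constructed; they are not real
driver signatures."""
import struct
from typing import Optional

# probe-resp (5) and beacon (8) carry 12 bytes of fixed fields
# (timestamp, beacon interval, capability) before the tagged IEs.
MGMT_FIXED_LEN = {5: 12, 8: 12}
SUBTYPE = {4: "probe-req", 5: "probe-resp", 8: "beacon"}


def mac(s: str) -> bytes:
    return bytes(int(x, 16) for x in s.split(":"))


def parse_mgmt_frame(frame: bytes) -> dict:
    """Split a raw 802.11 management frame into header fields and (tag, value) IEs."""
    if len(frame) < 24:
        raise ValueError("frame shorter than the 24-byte MAC header")
    fc, duration = struct.unpack_from("<HH", frame, 0)   # little-endian fields
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != 0:
        raise ValueError("not a management frame (type %d)" % ftype)
    (seq_ctrl,) = struct.unpack_from("<H", frame, 22)
    body = frame[24 + MGMT_FIXED_LEN.get(subtype, 0):]
    ies, off = [], 0
    while off + 2 <= len(body):
        tag, ln = body[off], body[off + 1]
        value = body[off + 2:off + 2 + ln]
        if len(value) != ln:
            raise ValueError("IE %d truncated" % tag)   # malformed input: stop, don't guess
        ies.append((tag, value))
        off += 2 + ln
    return {
        "subtype": SUBTYPE.get(subtype, str(subtype)),
        "duration": duration,
        "src": frame[10:16],
        "seq": seq_ctrl >> 4,          # 12-bit sequence number
        "frag": seq_ctrl & 0xF,        # 4-bit fragment number
        "ies": ies,
    }


def fingerprint(parsed: dict) -> tuple:
    """Implementation-dependent features: IE order, advertised rates, Duration value."""
    ie_order = tuple(tag for tag, _ in parsed["ies"])
    rates = next((tuple(v) for t, v in parsed["ies"] if t == 1), ())
    return (parsed["subtype"], ie_order, rates, parsed["duration"])


# Constructed profile table keyed on the feature tuple (hypothetical driver names).
PROFILES = {
    ("probe-req", (0, 1, 50), (0x82, 0x84, 0x8B, 0x96), 0): "driver-A (hypothetical)",
    ("probe-req", (0, 1, 221), (0x02, 0x04, 0x0B, 0x16, 0x0C, 0x12, 0x18, 0x24), 314):
        "driver-B (hypothetical)",
}


def classify(frame: bytes) -> Optional[str]:
    """Return the profile whose features match the frame exactly, or None."""
    return PROFILES.get(fingerprint(parse_mgmt_frame(frame)))


def build_probe_req(src: str, duration: int, seq: int, ies: list) -> bytes:
    """Assemble a probe request (type 0, subtype 4) so the sample input is built inline."""
    hdr = struct.pack("<HH", 0x0040, duration)
    hdr += mac("ff:ff:ff:ff:ff:ff") + mac(src) + mac("ff:ff:ff:ff:ff:ff")
    hdr += struct.pack("<H", seq << 4)
    body = b"".join(bytes([tag, len(v)]) + bytes(v) for tag, v in ies)
    return hdr + body


# Constructed sample frames: same protocol, different IE layout and Duration.
FRAME_A = build_probe_req("00:11:22:33:44:55", 0, 7,
                          [(0, b""), (1, [0x82, 0x84, 0x8B, 0x96]),
                           (50, [0x0C, 0x12, 0x18, 0x24, 0x30, 0x48, 0x60, 0x6C])])
FRAME_B = build_probe_req("66:77:88:99:aa:bb", 314, 3,
                          [(0, b""), (1, [0x02, 0x04, 0x0B, 0x16, 0x0C, 0x12, 0x18, 0x24]),
                           (221, [0x00, 0x50, 0xF2, 0x02, 0x00, 0x01, 0x00])])

if __name__ == "__main__":
    for f in (FRAME_A, FRAME_B):
        p = parse_mgmt_frame(f)
        print(p["src"].hex(":"), fingerprint(p), "->", classify(f))
```

The point of the feature tuple is that nothing in it is mandated by the standard: the order of IEs, whether extended rates or a vendor tag appear, and the Duration value on a broadcast probe request are all left to the driver, which is why they separate implementations. An exact-match lookup is the simplest classifier; against real captures you would collect many frames per source address and match on the stable subset of features, and you should treat a truncated or oversized IE as a parser error rather than a feature, since malformed frames are exactly what a driver exploit sends.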
Johnny Cache is responsible for many wireless hacking tools. These include jc-wepcrack (a distributed WEP cracker) and jc-aircrack (a complete aircrack rewrite in C++); he also helped h1kari create pico-wepcrack (an FPGA-accelerated WEP brute forcer). Cache is currently pursuing his Master's degree in computer security. He is also co-author of "Hacking Exposed Wireless". His latest accomplishments can be found in Airbase, available at www.802.11mercenary.net