Advanced Wi-Fi attacks using commodity hardware
@article{Vanhoef2014AdvancedWA,
  title={Advanced Wi-Fi attacks using commodity hardware},
  author={M. Vanhoef and Frank Piessens},
  journal={Proceedings of the 30th Annual Computer Security Applications Conference},
  year={2014}
}
We show that low-layer attacks against Wi-Fi can be implemented using user-modifiable firmware. Hence cheap off-the-shelf Wi-Fi dongles can be used to carry out advanced attacks. We demonstrate this by implementing five low-layer attacks using open source Atheros firmware. The first attack consists of unfair channel usage, giving the user a higher throughput while reducing that of others. The second attack defeats countermeasures designed to prevent unfair channel usage. The third attack performs…
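The first attack in the abstract, unfair channel usage, is easiest to understand with a small model of 802.11 DCF contention. The simulation below is an added example, not code from the paper or its Atheros firmware. It assumes one classic way to be unfair: a station that keeps a fixed, tiny contention window instead of doubling it after collisions. Station names, the slot counts and the seed are arbitrary choices for this illustration.

```python
"""Toy model of 802.11 DCF contention with one station that cheats on backoff."""
import random


class Station:
    """A saturated 802.11 station (always has a frame queued).

    Honest stations follow binary exponential backoff with CW in [cw_min, cw_max].
    A cheater is modelled by setting cw_min == cw_max to a small value, so its
    contention window never grows after a collision. This is an assumed cheating
    strategy for the example; the paper's firmware modifications are not shown here.
    """

    def __init__(self, name, cw_min, cw_max, rng):
        self.name = name
        self.cw_min = cw_min
        self.cw_max = cw_max
        self.rng = rng
        self.cw = cw_min
        self.successes = 0
        self.collisions = 0
        self.backoff = rng.randint(0, self.cw)  # idle slots to wait before sending

    def on_success(self):
        self.successes += 1
        self.cw = self.cw_min  # DCF resets CW after an acknowledged frame
        self.backoff = self.rng.randint(0, self.cw)

    def on_collision(self):
        self.collisions += 1
        self.cw = min(2 * self.cw + 1, self.cw_max)  # 15 -> 31 -> 63 ... -> 1023
        self.backoff = self.rng.randint(0, self.cw)


def simulate(stations, slots):
    """Run a slotted CSMA/CA model; return each station's share of successful frames."""
    for _ in range(slots):
        ready = [s for s in stations if s.backoff == 0]
        if not ready:
            for s in stations:  # idle slot: every station counts down
                s.backoff -= 1
        elif len(ready) == 1:
            ready[0].on_success()  # others freeze while the medium is busy
        else:
            for s in ready:  # two or more senders in one slot: all collide
                s.on_collision()
    total = sum(s.successes for s in stations)
    return {s.name: s.successes / total for s in stations}


def run_scenario(with_cheater, slots=20000, seed=1):
    """Three honest stations plus either a fourth honest station or a backoff cheater."""
    rng = random.Random(seed)
    stations = [Station(f"honest{i}", 15, 1023, rng) for i in range(3)]
    if with_cheater:
        stations.append(Station("cheater", 3, 3, rng))  # fixed CW=3, never doubles
    else:
        stations.append(Station("honest3", 15, 1023, rng))
    return simulate(stations, slots)


if __name__ == "__main__":
    for label, flag in (("fair", False), ("cheater", True)):
        shares = run_scenario(flag)
        print(label, {k: round(v, 3) for k, v in shares.items()})
```

With four honest stations each gets roughly a quarter of the successful transmissions; once one station stops honouring exponential backoff it takes the majority of the channel and the honest stations, which keep doubling their windows after every collision with it, are pushed well below their fair share. The model ignores frame length, capture effects and rate adaptation, so the numbers are qualitative, but the mechanism is the one a firmware-level cheater exploits and the one that the countermeasures defeated by the paper's second attack try to detect.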
99 Citations
Exploiting Race Condition for Wi-Fi Denial of Service Attacks
- Computer Science, SIN
- 2020
Three attacks on Wi-Fi availability are presented. They adopt the evil twin scheme and exploit a race-condition vulnerability; countermeasures are proposed to fix the exploited vulnerability and mitigate the attacks.
Operating Channel Validation: Preventing Multi-Channel Man-in-the-Middle Attacks Against Protected Wi-Fi Networks
- Computer Science, WISEC
- 2018
An extension to the 802.11 standard that authenticates parameters that define the currently in-use channel to prevent multi-channel man-in-the-middle attacks and a method to securely verify dynamic channel switches that may occur while already connected to a network.
Denial of Service Attacks Against the 4-Way Wi-Fi Handshake
- Computer Science
- 2017
This work finds that, in practice, many implementations of the 4-way Wi-Fi handshake are vulnerable to denial-of-service attacks, and proposes countermeasures against three new attacks.
Discovering Logical Vulnerabilities in the Wi-Fi Handshake Using Model-Based Testing
- Computer Science, AsiaCCS
- 2017
We use model-based testing techniques to detect logical vulnerabilities in implementations of the Wi-Fi handshake. This reveals new fingerprinting techniques, multiple downgrade attacks, and Denial…
Characterizing Wi-Fi Man-In-the-Middle Attacks
- Computer Science, 2020 XXXIIIrd General Assembly and Scientific Symposium of the International Union of Radio Science
- 2020
This research work aims to develop detection techniques for man-in-the-middle attacks against Wi-Fi networks by analyzing the electromagnetic activity, i.e. the physical layer of the OSI model, and identifying combinations or sequences of signals that can indicate the presence of such attacks.
Scan-Based Self Anomaly Detection: Client-Side Mitigation of Channel-Based Man-in-the-Middle Attacks Against Wi-Fi
- Computer Science, 2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC)
- 2020
This paper proposes scan-based self anomaly detection (SSAD), a client-side solution that uses access point (AP) scans to detect and mitigate channel-based man-in-the-middle attacks; it is implemented in open source Wi-Fi client software and its effectiveness is evaluated.
Multi-Channel Man-in-the-Middle Attacks Against Protected Wi-Fi Networks: A State of the Art Review
- Computer Science, ArXiv
- 2022
The capabilities of Multi-Channel MitM are evaluated and every attack reported in the state of the art is reviewed, including cipher downgrades, denial of service, key reinstallation attacks and, most recently, the 2021 FragAttacks.
Key Reinstallation Attacks: Breaking the WPA2 Protocol
- Computer Science
- 2017
The 4-way handshake is shown to be vulnerable to key reinstallation attacks, and it is shown that the PeerKey, group key, and Fast BSS Transition (FT) handshake are broken.
Truncate after preamble: PHY-based starvation attacks on IoT networks
- Computer Science, WISEC
- 2020
It is shown that an attacker can cause over 90% packet loss on a Zigbee or Wi-Fi channel, using respectively six or five orders of magnitude less energy than a constant jammer would.
Bad-token: denial of service attacks on WPA3
- Computer Science, SIN
- 2019
This work describes a vulnerability discovered in the WPA3 authentication protocol, named bad-token, that an attacker can exploit in a race condition to cause a denial of service to Wi-Fi clients, and proposes countermeasures to mitigate it.
References
Showing 1-10 of 41 references
A Practical, Targeted, and Stealthy Attack Against WPA Enterprise Authentication
- Computer Science, NDSS
- 2013
This paper presents a novel, highly practical, and targeted variant of a wireless evil twin attack against WPA Enterprise networks, and shows significant design deficiencies in wireless management user interfaces for commodity operating systems, and highlights the practical importance of the weak binding between wireless network SSIDs and authentication server certificates.
Cryptanalysis for RC4 and Breaking WEP/WPA-TKIP
- Computer Science, IEICE Trans. Inf. Syst.
- 2011
This paper presents a different interpretation of the TeAM-OK attack against WEP and its relation to other attacks, and presents an attack against WPA-TKIP that is executable in a realistic environment.
Practical verification of WPA-TKIP vulnerabilities
- Computer Science, ASIA CCS '13
- 2013
Three attacks on the Wi-Fi Protected Access Temporal Key Integrity Protocol (WPA-TKIP) are described and it is demonstrated how fragmentation of 802.11 frames can be used to inject an arbitrary amount of packets, and the internal state of the Michael algorithm is reset.
Falsification Attacks against WPA-TKIP in a Realistic Environment
- Computer Science, IEICE Trans. Inf. Syst.
- 2012
Two new falsification attacks against Wi-Fi Protected Access Temporal Key Integrity Protocol (WPA-TKIP) are proposed, one of which reduces the execution time for recovering a MIC key and the other expands the targets that can be attacked.
Carving secure wi-fi zones with defensive jamming
- Computer Science, ASIACCS '12
- 2012
A novel approach to the problem is proposed that forges a walled wireless coverage area, in particular a secure Wi-Fi zone, inspired by the fact that jamming as an attack is inherently difficult to defeat.
Practical attacks against WEP and WPA
- Computer Science, Mathematics, WiSec '09
- 2009
An improved key recovery attack on WEP, which reduces the average number of packets an attacker has to intercept to recover the secret key.
A Practical Message Falsification Attack on WPA
- Computer Science, Mathematics
- 2009
This paper applies the Beck-Tews attack to the man-in-the-middle attack, and gives methods for reducing the execution time of the attack.
802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions
- Computer Science, USENIX Security Symposium
- 2003
This paper provides an experimental analysis of 802.11-specific attacks - their practicality, their efficacy and potential low-overhead implementation changes to mitigate the underlying vulnerabilities.
The feasibility of launching and detecting jamming attacks in wireless networks
- Computer Science, MobiHoc '05
- 2005
This paper proposes four different jamming attack models that can be used by an adversary to disable the operation of a wireless network, and evaluates their effectiveness in terms of how each method affects the ability of a wireless node to send and receive packets.
Gaining insight on friendly jamming in a real-world IEEE 802.11 network
- Computer Science, WiSec '14
- 2014
This work implemented a reactive and frame-selective jammer on a consumer grade IEEE 802.11 access point, and observed an effect that aggravates the known hidden station problem when the number of jammers increases and also finds evidence that this effect can be alleviated by collaboration between jammers, which enables effective and minimally invasive friendly jamming.