Traffic injection in WiFi networks

Cédric Blancher 2006

We have known for a couple of years about serious vulnerabilities in WiFi networks. However, some of them seemed to have been ignored for they required traffic injection and most chipsets/drivers did not support this. That\'s why we can still find many handhelds (Zaurus, PSP, Smartphones, etc.), ISP all-in-one DSL boxes (Freebox or Livebox for FR ISP) and many other devices that only support WEP as security mechanism. As WPA does not provide security for adhoc connections, almost all adhoc networks are open or only use WEP. That\'s also why commercial hotspots are still relying on open WiFi networks. But wireless traffic injection is now possible very conveniently on some chipsets, allowing very efficient attacks against open and WEP WiFi networks, both infrastructure and adhoc.This presentation aims to show these attacks and demonstrate that open and WEP WiFi networks are vulnerable by design and should not be used. Latest WiFi security schemes, namely WPA and 802.11i/WPA2 will be discussed as a solution to WiFi insecurity.

Presentation slides

About Cédric Blancher

Cédric has spent the last 4 years working in the network and Unix systems security field performing audits and penetration testing. In 2004 he joined EADS Corporate Research Center to perform R&D within the network security field including wireless technologies. He is an active member of Rstack team and French Honeynet Project with studies on honeynet containment, honeypot farms and network traffic analysis. He also has delivered technical presentations (Eurosec, SSTIC, Cansecwest, etc.) and articles (MISC, SSTIC, etc.) about network security. You can read more about Cedric here.