This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
Abusing Wi-Fi Beacons and Detecting & Preventing Attacks
All Wi-Fi networks periodically broadcast beacons to announce their presence. These beacons are not authenticated and can be spoofed by an adversary, but it's unclear what risks this poses in practice.
In this webcast, we discuss what kinds of attacks are possible by spoofing Wi-Fi beacons. For example, we show how an adversary can reduce the throughput of nearby devices, lower the transmission power of clients, and we show how spoofing beacons can facilitate advanced man-in-the-middle attacks.
In the second part of the webcast, we describe a scheme to protect Wi-Fi beacons. This scheme has been standardized as part of the (draft) IEEE 802.11 standard. We give a high-level explanation of our scheme, and we give a demo of its implementation in Linux.
New York University Abu Dhabi
Mathy Vanhoef is a postdoctoral researcher at New York University Abu Dhabi. He is most well-known for his KRACK attack against WPA2, and the RC4 NOMORE attack against RC4. His research interest is in computer security with a focus on network security, wireless security (e.g. Wi-Fi), network protocols, and applied cryptography. Currently his research is about analyzing security protocols and discovering (logical) vulnerabilities in their implementations. He also wants to learn more about how to (automatically) prove the correctness of protocol implementations. Apart from research, he's interested in low-level security, reverse engineering, and binary exploitation.
Senior Security Researcher
Chad Anderson is a Senior Security Researcher at DomainTools. His background is in security-focused operations and automation that he now applies to building, curating and exploring new data sets for security researchers. He has a particular interest in automation, network security and their intersection. His primary focus leans heavily on leveraging open source technologies to improve deployments, network security and systems administration at DomainTools.