All Wi-Fi networks periodically broadcast beacons to announce their presence. These beacons are not authenticated and can be spoofed by an adversary, but it's unclear what risks this poses in practice.
In this webcast, we discuss what kinds of attacks are possible by spoofing Wi-Fi beacons. For example, we show how an adversary can reduce the throughput of nearby devices, lower the transmission power of clients, and we show how spoofing beacons can facilitate advanced man-in-the-middle attacks.
In the second part of the webcast, we describe a scheme to protect Wi-Fi beacons. This scheme has been standardized as part of the (draft) IEEE 802.11 standard. We give a high-level explanation of our scheme, and we give a demo of its implementation in Linux.
Mathy Vanhoef is a postdoctoral researcher at New York University Abu Dhabi. He is most well-known for his KRACK attack against WPA2, and the RC4 NOMORE attack against RC4. His research interest is in computer security with a focus on network security, wireless security (e.g. Wi-Fi), network protocols, and applied cryptography. Currently his research is about analyzing security protocols and discovering (logical) vulnerabilities in their implementations. He also wants to learn more about how to (automatically) prove the correctness of protocol implementations. Apart from research, he's interested in low-level security, reverse engineering, and binary exploitation.
Chad Anderson is a Senior Security Researcher at DomainTools. His background is in security-focused operations and automation that he now applies to building, curating and exploring new data sets for security researchers. He has a particular interest in automation, network security and their intersection. His primary focus leans heavily on leveraging open source technologies to improve deployments, network security and systems administration at DomainTools.