DeepSec 2016 Talk: 802.11 Complexity. An Introduction to 802.11 Protocol Chaos – Andrés Blanco
Do you remember the days of Wired Equivalent Privacy (WEP)? One might almost say security design was bad back then. The question is: Has it really improved? Proper encryption and authentication is only a part of the design. In the case of wireless networking there is a whole lot more to consider. Shooting clients off the network is still possible. Penetration testers can tell you much more about the quirks and weaknesses of wireless protocols. This is why we asked Andrés Blanco to give a presentation about the state of wireless affairs.
WiFi is everywhere and everyone is using it everyday. Employees connect to enterprise networks using their mobile devices, and later the same day to a WiFi network at a coffee shop or their home network. WiFi networks give users mobility and wire-less connectivity, but at what cost? IEEE and vendors add new functionalities to the IEEE 802.11 protocol every year. Are we sure how to use these new features? And how could they expose us to potential attacks?
Most companies rely on the 802.11 protocol chaos every day. And this even does not include the many perils of the Internet of Things (IoT). We recommend this talk not only for anyone testing defences, but also to everyone using 802.11. DeepSec 2016 features a workshop covering WiFi attack technologies such as the Pineapple. You should get a ticket for the training to complete your skills.
Andrés Blanco is an information security researcher. His interests and expertise include network security, hardware, reverse engineering and privacy. He specializes in 802.11 security working on firmware, driver reverse engineering and protocol analysis. He presented his work at conferences such as Defcon, Black Hat USA Arsenal, Hack.lu and Ekoparty.