Wi-Fi is a pretty central technology to our daily lives, whether at home or at the office. Given that so much sensitive data is regularly exchanged between Wi-Fi devices, a number of standards have been developed to ensure the privacy and authentication of Wi-Fi communications.
However, a recent paper shows that every single Wi-Fi network protection standard since 1997, from WEP all the way to WPA3, is exposed to a critical vulnerability that allows the exfiltration of sensitive data. How far does this new attack go? How does it work? And why wasn’t it discovered before? We’ll discuss this and more in this episode of Cryptography FM.
Links and papers discussed in the show:
* Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation (https://papers.mathyvanhoef.com/usenix2021.pdf)
* Dragonblood: Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd (https://papers.mathyvanhoef.com/dragonblood.pdf)
* Release the Kraken: New KRACKs in the 802.11 Standard (https://papers.mathyvanhoef.com/ccs2018.pdf)
Music composed by Toby Fox and performed by Sean Schafianski (https://seanschafianski.bandcamp.com/). Special Guest: Mathy Vanhoef.