Breaking and Disrupting WPA2/3 Networks by Abusing Sleep Mode

Explore two innovative attacks exploiting Wi-Fi power-save functionality in this conference talk from BruCON Security Conference. Learn about a technique that targets protected Wi-Fi networks, forcing Access Points to buffer frames and leak them in plaintext or with incorrect encryption. Discover a network disruption attack based on forced frame queueing, which can block Fine Timing Measurements and disconnect clients even with WPA3 and Protected Management Frames enabled. Understand how this attack can be leveraged by malicious insiders to bypass client isolation and intercept traffic. Examine the vulnerabilities in current Wi-Fi security protocols, including WPA3, and discuss potential mitigations along with their security and reliability trade-offs. Gain insights into the importance of authenticating the power-management bit in Wi-Fi frames to prevent these sleep-based attacks.

09 - BruCON 0x0F - Breaking & Disrupting WPA2/3 Networks by Abusing Sleep Mode - Mathy Vanhoef