WiFuzz - Detecting and Exploiting Logical Flaws in the Wi-Fi Cryptographic Handshake

Explore the detection and exploitation of logical flaws in Wi-Fi cryptographic handshake implementations in this 44-minute Black Hat conference talk by Mathy Vanhoef. Delve into the security aspects of the Wi-Fi handshake, learn about model-based testing approaches, and examine specific vulnerabilities such as missing downgrade checks and targeted denial-of-service attacks. Gain insights into frame layouts, test generation rules, and real-world examples involving Windows 7, Broadcom, and OpenBSD. Understand the importance of identifying logical vulnerabilities beyond common programming errors in Wi-Fi security.

Intro
How secure is the Wi-Fi handshake?
Background: the Wi-Fi handshake
Wi-Fi handshake simplified
Frame Layouts
How to test implementations?
Modelbased testing our approach
Test generation rules
Missing downgrade checks
Windows 7 targeted Dos
Broadcom downgrade
OpenBSD: client man-in-the-middle