Abusing the Windows WiFi native API to create a Covert Channel
Andrés Blanco, Ezequiel Gutesman
Hack.lu 2011
WiFi, Windows Native WiFi API


Wireless communications have been refined in recent years, mainly in terms of performance and speed. Security in this field has been a concern since the first 802.11 draft and has evolved by adding security features based on different cryptosystems. In this paper we focus on the construction of a covert channel, exploitable in any system, between any endpoint and a specially crafted endpoint. The channel can be established even while an active connection exists between a computer and a wireless Access Point, using a single network device. This functionality allows an attacker who has compromised a wireless-enabled endpoint to extract available information while avoiding detection. We describe the design behind the channel structure and a fully functional implementation.

Full paper
Hack.lu 2011 slides

Source Code

Demo: PoC covert channel md5:d2949403be2c1ca0726624ed906c1add


demo.tar.gz - Covert Channel PoC
slides.pdf - Slides Hack.lu 2011