Title
Abusing the Windows WiFi native API to create a Covert Channel
Authors
Andrés Blanco, Ezequiel Gutesman
In
Hack.lu 2011
Date published
2011-09-20
Keywords
WiFi, Windows Native WiFi API

Abstract

Communications over wireless channels have been perfected in recent years, mainly through improvements in performance and speed. Security in this field has been a concern since the first 802.11 draft and has evolved through the addition of security features based on different cryptosystems. In this paper we focus on the construction of a covert channel, exploitable in any system, between any endpoint and a specially crafted endpoint. The channel can be started even while an active connection is established between a computer and a wireless Access Point, using a single network device. This functionality allows an attacker who has compromised a wireless-enabled endpoint to extract available information and avoid detection. We will describe the design behind the channel structure and a fully functional implementation.

Full paper
Hack.lu 2011 slides

Source Code

Demo: PoC covert channel md5:d2949403be2c1ca0726624ed906c1add

Attachments

demo.tar.gz - Covert Channel PoC
slides.pdf - Slides Hack.lu 2011