2.11. Wi-Fi

2.11.1. Introduction

Wi-Fi, also known as a “wireless hotspot” or “wireless network”, is a wireless local area network technology based on the IEEE 802.11 standard. The name is a trademark of the Wi-Fi Alliance.

2.11.2. Attacks

2.11.2.1. Brute force

Wi-Fi authentication is based on a pre-shared key. With captured packets, candidate passwords can be tested locally, quickly and in bulk.

2.11.2.2. Fake hotspots

An AP can announce itself by broadcasting, and a client can also actively send probe requests. A forged AP can answer a probe request with a response packet so that the client mistakes it for a legitimate AP.
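
A defender can watch for the forged responses described above. This is an added example, not code from the original page: it checks observed beacons and probe responses against an inventory of legitimate APs and flags unknown BSSIDs, weaker advertised security, and a single BSSID answering probes for many SSIDs. The inventory, the tuple layout, the reason labels and the threshold are assumptions, and the sample frames are constructed.

```python
from collections import defaultdict

# Hypothetical inventory of legitimate APs: SSID -> {BSSID: advertised security}
KNOWN_APS = {
    "corp-wifi": {
        "02:00:00:00:00:01": "WPA2-Enterprise",
        "02:00:00:00:00:02": "WPA2-Enterprise",
    },
}

# Constructed observations: (frame type, SSID, BSSID, advertised security)
SAMPLE_FRAMES = [
    ("beacon", "corp-wifi", "02:00:00:00:00:01", "WPA2-Enterprise"),
    ("probe-resp", "corp-wifi", "02:00:00:00:00:02", "WPA2-Enterprise"),
    ("beacon", "corp-wifi", "02:00:00:00:00:02", "Open"),  # known BSSID, weaker security
    ("probe-resp", "corp-wifi", "02:00:00:00:00:99", "WPA2-Enterprise"),  # unknown BSSID
    ("probe-resp", "home-net", "02:00:00:00:00:99", "Open"),
    ("probe-resp", "cafe-guest", "02:00:00:00:00:99", "Open"),
    ("probe-resp", "airport-free", "02:00:00:00:00:99", "Open"),
    ("beacon", "neighbour", "02:00:00:00:00:50", "WPA2-Personal"),
]


def find_suspect_aps(frames, known_aps, max_ssids_per_bssid=3):
    """Return sorted (reason, bssid, ssid) alerts for frames that look forged."""
    alerts = set()
    probed_ssids = defaultdict(set)
    for frame_type, ssid, bssid, security in frames:
        bssid = bssid.lower()
        if frame_type == "probe-resp":
            probed_ssids[bssid].add(ssid)
        expected = known_aps.get(ssid)
        if expected is None:
            continue  # not an SSID we are responsible for
        if bssid not in expected:
            alerts.add(("unknown-bssid", bssid, ssid))
        elif security != expected[bssid]:
            alerts.add(("security-mismatch", bssid, ssid))
    # One BSSID answering probes for many unrelated SSIDs is answering
    # whatever clients ask for, which is unusual for a normal AP.
    for bssid, ssids in probed_ssids.items():
        if len(ssids) > max_ssids_per_bssid:
            alerts.add(("answers-many-ssids", bssid, ""))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in find_suspect_aps(SAMPLE_FRAMES, KNOWN_APS):
        print(alert)
```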

2.11.2.3. Key Reinstallation Attack

This vulnerability was discovered by Vanhoef. During the Wi-Fi handshake, both parties update the secret key. By replaying handshake messages, this attack makes the client reinstall the same secret key.

2.11.2.4. Dragonblood

The latest version of the WPA3 standard has some implementation issues, also discovered by Vanhoef, including denial-of-service attacks, downgrade attacks, side-channel leaks, etc.