In early 2019, myself and fellow Denver-based researcher Steve Darracott (@theDarracott) set out to answer the question — “is Opportunistic Wireless Encryption (OWE) susceptible to abuse and attack, and if so, how?”. Ultimately, we succeeded in implementing multiple working proof of concept attacks, which we demonstrated at the DEF CON…


In early 2019, myself and fellow Denver-based researcher Steve Darracott (@theDarracott) set out to answer the question — “is Opportunistic Wireless Encryption (OWE) susceptible to abuse and attack, and if so, how?”. Ultimately, we succeeded in implementing multiple working proof of concept attacks, which we demonstrated at the DEF CON…


In early 2019, myself and fellow Denver-based researcher Steve Darracott (@theDarracott) set out to answer the question — “is Opportunistic Wireless Encryption (OWE) susceptible to abuse and attack, and if so, how?”. Ultimately, we succeeded in implementing multiple working proof of concept attacks, which we demonstrated at the DEF CON…


In Part II of this series, we described how improvements in wireless client security have put a dent in our ability to use Karma attacks against modern devices (see: https://posts.specterops.io/modern-wireless-attacks-pt-ii-mana-and-known-beacon-attacks-97a359d385f9). We then discussed the MANA, Loud Mode MANA, and Known Beacons attacks, which can be used to overcome these improvements.


In Part I of this series, we went over some 802.11 fundamentals and described how the roaming and network selection features of the protocol can be abused to perform wireless Person-In-The-Middle (PITM) attacks. We also discussed how to perform basic rogue access point attacks in EAPHammer (see: https://github.com/s0lst1c3/eaphammer). …


Introduction

The past few years have seen some exciting developments in the subtle art of forcing wireless devices to connect to malicious access points. …

Gabriel Ryan

Researcher and Infosec Journeyman. Red / Blue multiclass battlemage @SpecterOps. I enjoy low-level code and things without wires. Views are my own. #hacking 247

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store