This presentation introduces two novel attacks that abuse the power-save (sleep) functionality of Wi-Fi. In our first attack, we target a protected Wi-Fi network and abuse sleep mode to leak frames in plaintext. The idea is that the adversary forces an Access Point to buffer frames, and then causes the buffered frames to be transmitted using the wrong or no key. For instance, some affected APs will leak buffered frames by encrypting them using an all-zero key, and some APs will even leak frames in plaintext.
In our second attack, we introduce network disruption attacks based on the forced queueing of frames.....
By: Domien Schepers , Mathy Vanhoef
Full Abstract and Presentation Materials:
www.blackhat.c...