I'm not really on wifi good enough to reply extensively, but I pushed an update to the post explaining this better. If you carry out the read explicitly, you can still get the anomaly in much the same way. I should've done so from the beginning, but I tried to simplify the argument and went too far.
In case someone reads the cached version: I added a note about my point about Wifi after it was brought up that the attacker could be the Wifi provider itself, so refresh the page.
Sure, but if all of us are walking around with tinfoil hats on, looking over our backs for the men in black suits all of the time, we wouldn't get much done now, would we?
Also, once again, the channel hopping is fairly normal for a wifi wardriving setup. Feel free to go test this theory on your own: go driving down the road at 25-50 mph and try to get anything but a few packets of data from the wireless networks you come across where the owners are using their wireless at the moment you are driving by and data is being transmitted in clear text.
It's not identical. The WiFi chip has its own processor running its own code, and that's what the exploit affects.
It may be possible, even trivial, to leverage that into running arbitrary code on the main CPU, depending on how the stuff is designed. If the WiFi chip has unrestricted access to RAM then that would be it. If not, it's likely that the OS drivers for the chip aren't hardened against malicious input from the WiFi chip and could be exploited.
Wi-Fi makes that pretty damn hard to verify. In theory, malicious firmware could even opportunistically link up with other malicious firmware acting as a bridge via some undocumented protocol that would only be detectable by looking at the raw spectrum.
I would perhaps add a comment about how they were scanning about 5 networks per second on average (per Google's blog post that spawned this story), so it's likely that only a fraction of a second of data being transmitted at that particular time was intercepted. A layperson may not even realize that it wasn't the contents of the machines on a wifi network that was being scanned, but a tiny amount of the traffic going across it.
>What if they could determine the endpoint of the data and see that there was nothing connected to that endpoint at the same time, sending the same amount of traffic (using it as a proxy).
You say that as if breaking into someone's PC and using their wireless NIC to break into neighboring networks is totally implausible. Commonly known as pivoting.
I would call behavioural heuristics of WiFi ‘attacks’ dubious at best. Knowing the specific software the attacker is using has minimal/no value in actually fixing the issue either.
>Your wifi card constantly sends out "hey home network, are you there? Hey network of my mate, are you there?" for every network you were connected to at one time, resulting in a pretty unique list of used APs that leaks astonishing metadata, like where you were on vacation in some scenarios ("trump hotel guest wifi") and so on... More a threat to smartphones, but of course it also applies to laptops.
IIRC this only applies if you have connected to "hidden" networks. Directed probes (i.e. probes with SSIDs) are only really needed in those cases because the SSID isn't being broadcast. For networks with SSIDs, clients will send a probe without any APs, which causes all nearby APs to reply.