Wireless Security

Wireless Driver Vulnerabilities: The Real Story

It looks like we will find out exactly what is going on, however we will have to wait until ToorCon 8 where Cache and Maynor will give a presentation:

Recently we gave a public demonstration of an exploit in a wireless device driver. We thought it was timely, important, but most importantly it was super cool. Since the first details of our demo were reported two camps instantly formed, people who thought the work and research was good and people thought we faked everything and we are horrible people. How could opinions differ go greatly? What is the story behind exactly what happened and more importantly what does this response mean for the security industry as a whole? This presentation won’t be a typical as it will cover the complete story, but it will also offer analysis and commentary of public responses while at the same time giving anyone who has a question a chance to have it answered.

I am a little disappointed that we have to wait a month before we can hear the real story, however I am certain that they have good reasons for doing it this way. I will speculate that a month gives vendors more time to fix vulnerabilities, Mac enthusiasts to make even bigger fools of themselves, and skeptics to report yet even more wacky conspiracy theories. As we have stated, we are standing behind the security researchers on this one and waiting until we have all the facts before we report any real details. For now, my suggestion is to keep your wireless card turned off when not in use.

Paul Asadoorian

Paul Asadoorian is currently the Principal Security Evangelist for Eclypsium, focused on firmware and supply chain security awareness. Paul’s passion for firmware security extends back many years to the WRT54G hacking days and reverse engineering firmware on IoT devices for fun. Paul and his long-time podcast co-host Larry Pesce co-authored the book “WRTG54G Ultimate Hacking” in 2007, which fueled the firmware hacking fire even more. Paul has worked in technology and information security for over 20 years, holding various security and engineering roles in a lottery company, university, ISP, independent penetration tester, and security product companies such as Tenable. In 2005 Paul founded Security Weekly, a weekly podcast dedicated to hacking and information security. In 2020 Security Weekly was acquired by the Cyberrisk Alliance. Paul is still the host of one of the longest-running security podcasts, Paul’s Security Weekly, he enjoys coding in Python & telling everyone he uses Linux.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.