Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2025-02-17 17:43:06 -05:00
Code Issues Projects Releases Wiki Activity

fragattack: note to code audit cache attacks

Browse Source
This commit is contained in:
Mathy Vanhoef 2020-10-26 04:59:38 +04:00
parent 1c03998f4b
commit 65a533d905
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
research/README.md
View File

@ -385,6 +385,12 @@ The last two tests are used to simulate our A-MSDU injection attack:
which can be useful in case there is a small delay between completion of the handshake and installing the which can be useful in case there is a small delay between completion of the handshake and installing the
negotiated key. negotiated key.
- Overall it can be tedious to test if a device is vulnerable to cache attacks. Therefore I also recommend to
perform a code audit to check if fragments stay in the memory after disassociating or deauthenticating from
a network or after reassociating (this can also be dynamically checking using debug prints). If fragments
stay in memory, you should consider this as a risk, even if it's unknown whether it can be exploited. This
is similar to knowing an implementation has a buffer overflow but not (yet) knowing how to exploit it.
<a id="id-test-nonconsec"></a> <a id="id-test-nonconsec"></a>
## 7.5. Non-consecutive PNs attack (§6.2 -- CVE-2020-26146) ## 7.5. Non-consecutive PNs attack (§6.2 -- CVE-2020-26146)