| skipped 8 lines |
| 9 | 9 | | also known as AP isolation. The attack can also be used to bypass Dynamic ARP inspection (DAI), |
| 10 | 10 | | and can likely also be used to bypass other methods that prevent clients from attacking each other. |
| 11 | 11 | | The attack is also known as the _security context override attack_, see Section 5 of our |
| 12 | | - | [USENIX Security '23 paper](https://www.usenix.org/conference/usenixsecurity23/presentation/schepers). |
| | 12 | + | [USENIX Security '23 paper](https://papers.mathyvanhoef.com/usenix2023-wifi.pdf). |
| 13 | 13 | | |
| 14 | 14 | | Concrete examples of possible affected networks are: |
| 15 | 15 | | |
| skipped 85 lines |
| 101 | 101 | | to which client packets should be sent, i.e., routed, to. |
| 102 | 102 | | |
| 103 | 103 | | For extra details on the attack, see the _security context override attack_ (Section 5) in our paper |
| 104 | | - | [Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues](https://www.usenix.org/conference/usenixsecurity23/presentation/schepers). |
| | 104 | + | [Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues](https://papers.mathyvanhoef.com/usenix2023-wifi.pdf). |
| 105 | 105 | | |
| 106 | 106 | | |
| 107 | 107 | | # 3. Possible mitigations |
| skipped 574 lines |
Mathy Vanhoef
committed
with
GitHub
1 year ago
1 parent 5a4bb099