Abusing the Windows WiFi native API to create a Covert Channel

Communications over wireless channels have been perfected in the last years mainly improving performance and speed features. Security in this field has been a concern since the first 802.11 draft, having evolved by adding security features based on different crypto systems. In this paper we focus on the construction of a covert channel, exploitable in any system, between any endpoint and a specially crafted endpoint. The channel built can be started even while an active connection is established between a computer and a wireless Access Point, with one unique network device. This functionality allows an attacker that compromised a wireless enabled endpoint to extract available information and avoid detection. We will describe the design behind the channel structure and a fully functional implementation.

View Slides