Abusing the Windows WiFi native API to create a Covert Channel

Tuesday, September 20, 2011
Andres Blanco, Ezequiel Gutesman
Hack.lu 2011

Communications over wireless channels have been refined in recent years, mainly to improve performance and speed. Security in this field has been a concern since the first 802.11 draft, and has evolved by adding security features based on different cryptosystems. In this paper we focus on the construction of a covert channel, exploitable on any system, between any endpoint and a specially crafted endpoint. The channel can be started even while an active connection is established between a computer and a wireless Access Point, using a single network device. This functionality allows an attacker who has compromised a wireless-enabled endpoint to extract available information while avoiding detection. We describe the design behind the channel structure and a fully functional implementation.

Source Code

Demo:

  • PoC covert channel md5:d2949403be2c1ca0726624ed906c1add