Ghost in the Wireless, iwlwifi edition — Gabriel Campana, Nicolas Iooss
Date: 02 June 2022 at 11:30 — 30 min.
Over the last few years, Wi-Fi has replaced Ethernet and become the main network protocol on laptops. Software implementations of the Wi-Fi protocol naturally became targets for attackers, and vulnerabilities found in Wi-Fi drivers were exploited to gain control of the OS, remotely and without any user interaction. However, not much research has been published on Wi-Fi firmware, outside of Broadcom models.
This article presents the internals of an Intel Wi-Fi chip. This study, mostly conducted through reverse engineering, led to the discovery of vulnerabilities such as arbitrary code execution on the chip and secure boot bypass, which were reported to the manufacturer.