A handshake for vulnerabilities - A short dive into Krack and Dragonblood
2019-11-30, 10:35–11:05 (Europe/Vienna), Dachsaal

We all know and love it and would like to have it available everywhere - Wireless LAN. It is a technology used in many places to provide free Internet access, to network various components, or to let people move freely around offices and homes. But how secure is the wireless network that connects so many devices?
This talk explores that question, gives a brief overview of how the encryption standards WPA2 and WPA3 work, and explains the known attacks on both standards. The talk also demonstrates the well-known Krack attack.


This talk covers attacks on known WPA vulnerabilities, such as the Krack attack and the Dragonblood attack. To make the vulnerabilities understandable, some basics of the respective WPA standards are explained first, such as the 4-Way Handshake in WPA2.
Building on this, the Krack attack on the WPA2 standard is explained in detail: the susceptible functionality, the weak points, the components involved, and the resulting possibilities for an attacker. Appropriate countermeasures are then presented that users or administrators can apply to protect themselves against these attacks, along with what should be considered when eliminating the vulnerabilities. So that the attack is not only described theoretically, a live demo is part of the presentation. The demo shows how this vulnerability can actually be exploited and which tools and hardware are necessary.

The new wireless encryption standard WPA3 was finalized and released by the Wi-Fi Alliance in 2018. In the near future, this new standard is supposed to replace the WPA2 standard, which has been in use for many years. The innovations and improvements compared to WPA2 are therefore also part of this presentation, and many of them promise improvements in terms of security. Nevertheless, researchers have already identified vulnerabilities in the standard published by the Wi-Fi Alliance - the so-called "Dragonblood" attack. This attack is also examined and explained in detail during the presentation. As with the WPA2 vulnerabilities, the vulnerable functionality, the weak points, the components involved, and the resulting possibilities for an attacker are explained. Finally, appropriate countermeasures are presented.

See also: Slides

My name is Christoph Rottermanner and I come from Randegg in Lower Austria. In 2015 I finished my bachelor's degree in IT-Security at the University of Applied Sciences in Sankt Pölten, and in 2017 my master's degree in Information-Security. I am currently employed at it.sec, where I mainly perform penetration tests of web applications as well as on-site infrastructure tests. In April 2016, I successfully completed the OSCP (Offensive Security Certified Professional) certification. In my spare time I develop projects in Python, search for vulnerabilities in websites by taking part in bug bounty programs, or deal with current security-related topics. I can be found on Twitter under @pycycle and I have my own blog.