Description: The Packet-in-Packet (PIP) vulnerability exists in most unencrypted digital radios of variable frame length, including Wi-Fi and Zigbee. Sometimes a packet is damaged in such a way that the receiver does not know the packet has begun, in which case a carefully crafted string inside the packet is mistaken for a packet in its own right. The interior packet is entirely controlled by whoever crafted it, including all header fields and the checksum. No software vulnerability is needed to allow for this injection, and there is no known fix without breaking backward compatibility or mandating encryption.
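The framing failure described above can be reproduced with a small receiver model. This is an added example, not code from the talk or its author; the frame layout (preamble, start-of-frame delimiter, length byte, CRC-16) and all names and sample bytes are assumptions constructed for illustration and do not match any real radio.

```python
import binascii

# Toy frame layout assumed for this example (not a real 802.11/802.15.4 PHY):
# 4-byte preamble | 1-byte start-of-frame delimiter | 1-byte length | body | CRC-16
PREAMBLE = b"\x00\x00\x00\x00"
SFD = b"\xa7"
SYNC = PREAMBLE + SFD

def build_frame(body: bytes) -> bytes:
    """Wrap a body the way the transmitting radio would."""
    crc = binascii.crc_hqx(body, 0).to_bytes(2, "big")
    return SYNC + bytes([len(body)]) + body + crc

def receive(channel: bytes) -> list:
    """Model a receiver: hunt for SYNC, read the length, verify CRC, deliver."""
    delivered, pos = [], 0
    while (start := channel.find(SYNC, pos)) != -1:
        hdr = start + len(SYNC)
        if hdr >= len(channel):
            break
        length = channel[hdr]
        body = channel[hdr + 1 : hdr + 1 + length]
        crc = channel[hdr + 1 + length : hdr + 3 + length]
        ok = len(body) == length and len(crc) == 2
        if ok and binascii.crc_hqx(body, 0) == int.from_bytes(crc, "big"):
            delivered.append(body)
            pos = hdr + 3 + length   # frame consumed: its contents are never re-scanned
        else:
            pos = start + 1          # not a valid frame: keep hunting
    return delivered

# Constructed sample data: an application payload that happens to contain
# the bytes of a complete, correctly checksummed frame.
INNER_BODY = b"inner header + data"
OUTER_BODY = b"application data " + build_frame(INNER_BODY) + b" more data"

def corrupt_sfd(frame: bytes) -> bytes:
    """Simulate channel noise: a single bit error in the outer frame's SFD."""
    damaged = bytearray(frame)
    damaged[len(PREAMBLE)] ^= 0x01
    return bytes(damaged)

if __name__ == "__main__":
    on_air = build_frame(OUTER_BODY)
    print("clean channel  :", receive(on_air))
    print("damaged channel:", receive(corrupt_sfd(on_air)))
```

On the clean channel the receiver delivers only the outer body; with one bit of the outer delimiter damaged it delivers only the inner body, whose CRC verifies because it was computed by the author of the payload rather than by the radio.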
TRAVIS GOODSPEED BIO
Travis Goodspeed is a neighborly expat from Southern Appalachia who wanders the world as a circuit preacher of strange exploits and weird machines. At Breakpoint, you might have seen his presentation on emulating the USB Device Firmware Update protocol in order to record, patch, and replay firmware updates.
Tags: securitytube, hacking, hackers, information security, convention, computer security, ruxcon-2012