PIP: REMOTELY INJECTING PHY-LAYER PACKETS WITHOUT A BUG OR YOUR RADIO presented at Ruxcon 2012

by Travis Goodspeed

Tags: Security

Summary: The Packet-in-Packet (PIP) vulnerability exists in most unencrypted digital radios with variable frame length, including Wi-Fi and Zigbee. Sometimes a packet is damaged in such a way that the receiver does not notice the packet has begun, in which case a carefully crafted string inside the packet is mistaken for a packet of its own. The interior packet is entirely controlled by whoever crafted it, including all header fields and the checksum. No software vulnerability is needed for this injection, and there is no known fix that does not break backward compatibility or mandate encryption.
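To make the mechanism in the summary concrete, the following Python simulation is an added example, not code from the talk or its author. It models a toy variable-length frame format loosely inspired by 802.15.4 (a run of zero preamble bytes, a one-byte sync word, a length byte, a payload and a CRC-16) and a receiver that hunts for the sync pattern in a byte stream. The frame layout, the CRC variant, the sample payloads and the function names are all assumptions made for illustration; a real PHY synchronises on symbols rather than bytes, but the effect is the same.

```python
"""Toy simulation of the Packet-in-Packet (PIP) effect on a byte-aligned receiver.

Constructed example: the frame format below is a simplification and not any
standard's exact layout.
"""

PREAMBLE = bytes(4)           # four 0x00 bytes (assumed preamble)
SFD = bytes([0xA7])           # start-of-frame delimiter (assumed sync byte)
SYNC = PREAMBLE + SFD         # the pattern the receiver hunts for


def crc16(data: bytes) -> int:
    """CRC-16/CCITT-FALSE (poly 0x1021, init 0xFFFF); toy choice of FCS."""
    crc = 0xFFFF
    for b in data:
        crc ^= b << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) & 0xFFFF if crc & 0x8000 else (crc << 1) & 0xFFFF
    return crc


def build_frame(payload: bytes) -> bytes:
    """Frame = SYNC | length (payload + 2 FCS bytes) | payload | FCS."""
    assert len(payload) + 2 <= 127, "toy length field is one byte"
    return SYNC + bytes([len(payload) + 2]) + payload + crc16(payload).to_bytes(2, "big")


def receive(stream: bytes) -> list:
    """Scan a byte stream like a simple receiver: find SYNC, read length, check FCS.

    Returns the payloads of every frame that passed the checksum. After an
    accepted frame the scan resumes *after* it; after a failed checksum or a
    missed sync byte the receiver just keeps hunting one byte further on.
    """
    accepted = []
    i = 0
    while i + len(SYNC) <= len(stream):
        if stream[i:i + len(SYNC)] != SYNC:
            i += 1
            continue
        j = i + len(SYNC)               # index of the length byte
        if j >= len(stream):
            break
        length = stream[j]
        if length < 2 or j + 1 + length > len(stream):
            i += 1                      # implausible length: keep hunting
            continue
        payload = stream[j + 1:j + 1 + length - 2]
        fcs = int.from_bytes(stream[j + 1 + length - 2:j + 1 + length], "big")
        if fcs == crc16(payload):
            accepted.append(payload)
            i = j + 1 + length          # skip over the whole accepted frame
        else:
            i += 1
    return accepted


def embedded_sync_offsets(payload: bytes) -> list:
    """Monitoring heuristic: offsets in a payload where a full SYNC pattern appears.

    This is a detection aid for frames that *could* be re-synchronised on, not a
    fix: the outer frame is perfectly valid and a receiver cannot tell intent.
    """
    offsets, pos = [], payload.find(SYNC)
    while pos != -1:
        offsets.append(pos)
        pos = payload.find(SYNC, pos + 1)
    return offsets


# Constructed sample: an inner frame carried as ordinary data inside an outer frame.
INNER_PAYLOAD = b"INNER"
INNER_FRAME = build_frame(INNER_PAYLOAD)
OUTER_PAYLOAD = b"hello" + INNER_FRAME + b"bye"
OUTER_FRAME = build_frame(OUTER_PAYLOAD)


def demo() -> dict:
    """Run the three cases: intact outer frame, damaged sync, and the monitoring check."""
    clean = receive(OUTER_FRAME)                     # outer frame delivered as data
    damaged = bytearray(OUTER_FRAME)
    damaged[len(PREAMBLE)] ^= 0x01                   # corrupt the sync byte (any sync byte works)
    resynced = receive(bytes(damaged))               # receiver locks onto the inner frame instead
    return {
        "clean": clean,
        "damaged": resynced,
        "sync_offsets_in_outer_payload": embedded_sync_offsets(OUTER_PAYLOAD),
    }


if __name__ == "__main__":
    for case, value in demo().items():
        print(f"{case}: {value}")
```

With an intact outer frame the receiver accepts the legitimate payload, inner bytes and all, because the sender's own FCS covers them. When noise corrupts the outer sync word, the receiver misses the real start of frame, keeps hunting, finds the sync pattern that sits inside the payload, and accepts the inner frame with its attacker-chosen header and checksum, exactly the situation the summary describes. The `embedded_sync_offsets` check is what a monitoring tool can do today: flag frames whose payload contains a complete sync pattern, since that is the precondition for the effect, while accepting that the underlying behaviour is inherent to the framing and not something software on the receiver can patch.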