Informational Wi-Fi Traffic As a Covert Communication Channel For Malware

angry tapir writes A security researcher has developed a tool to demonstrate how the unauthenticated data packets in the 802.11 wireless LAN protocol can be used as a covert channel to control malware on an infected computer. From the article: "The protocol relies on clients and access points exchanging informational data packets before they authenticate or associate with each other, and this traffic is not typically monitored by network security devices. Tom Neaves, a managing consultant at Trustwave, developed a proof-of-concept tool called Smuggler that leverages these packets, known as wireless management frames, to communicate with malware."

Requires Infected Computer. Nothing new.

[danknight48]

Neaves used it to implement an interactive shell that allowed him to remotely execute commands on an infected computer

So, the computer needs to be infected 1st with additional malware software.

More info on this malware is needed, sounds like a simple custom program coded for this very task. Otherwise, nothing new here, or interesting. Hes just sending commands over wifi using a blank SSID to a computer with malware that processes the data. Glorified "hacker" VNC, nothing else.

Not necessarily infected

[gwolf]

If you want to smuggle data out of a well-guarded network perimeter, you can use one or several covert channel techniques. You seem to send out innocent traffic, but secrets are encoded in it. So, in a sense, the risk is not having an infected computer — But a compromised employee.

Covert channels are useful for future Snowdens. And, of course, they have been proven unavoidable.