Interesting, thanks for the pointer!
26.02.2026 22:58
π 0
π 0
π¬ 1
π 0
Interesting, thanks for the pointer!
Client isolation is supposed to prevent two clients on the same SSID to attack each other. We can bypass client isolation. Attacks are independent of the used crypto settings :)
βUsing WPA3 or client certificates or GCMP or <other crypto> doesnβt prevent our attacksβ. When writing the paper, reviewers often asked βdoes it work against WPA3/MFPβ and the answer is yes
Excellent article on the work by @dangoodin.bsky.social: arstechnica.com/security/202...
I'd say we bypass Wi-Fi encryption, in the sense that we can bypass client isolation. We don't break Wi-Fi authentication or encryption. Crypto is often bypassed instead of broken. And we bypass it ;)
We found that Wi-Fi client isolation can often be bypassed. This allows an attacker who can connect to a network, either as a malicious insider or by connecting to a co-located open network, to attack others.
NDSS'26 paper: www.ndss-symposium.org/wp-content/u...
GitHub: github.com/vanhoefm/air...
In addition to being absolutely brilliant, amazing & charming in her own right, we all know she was raised by a single dad w/4 siblings and that he came to the US bc of persecution bc of his participation in the β89 Tiananmen democracy uprising, right?
this is one of the most amazing papers I have ever read
eprint.iacr.org/2026/058.pdf
The NDSS Symposium 2026 program is live. With 265 accepted papers and 8 workshops, the quality of security research this year is staggering. It is a testament to the community's dedication to keeping the digital world safe. www.ndss-symposium.org/ndss2026/pro... 1/4
The US government is considering punishing American scientists who worked with Chinese researchers *years ago, retroactively*.
I've found AI tools to be quite useful too look for related work. And apparently so do others, searching Google Scholar for "utm_source=chatgpt.com" gives 13,900+ hits ;) scholar.google.com/scholar?star...
Russia is blocking mobile phones being brought back into the country from abroad for 24 hours, in an attempt to mitigate drone attacks. Seems like this can probably be bypassed using relay "worm hole" attacks, though it adds some complexity.
novayagazeta.eu/articles/202...
woo! $10 MM USD in grants from ICANN... amazing. And great grantees here! "ICANN Announces First Cohort of Grant Program Recipients" www.icann.org/en/announcem...
Last chance to (self-) nominate for USENIX Security'26 Artifact Evaluation Committee!
You should expect a low load of ~1 artifact for functionality/reproducibility assessments per cycle (max 3 for the whole year).
Please support Open Science and fill the form by Oct 17: forms.gle/WoYRX4govNY1... π
I have been learning more about PDFs than I really wanted to for maybe the absolutely most funny reason possible - letting agency forgery: mjg59.dreamwidth.org/73317.html
The West has a blindspot when it comes to alternative CPU designs.β¨β¨
Weβre so entrenched in the usual x86, ARM, RISC-V world, that most people have no idea whatβs happening over in China.β¨β¨
LoongArch is a fully independent ISA thatβs sorta MIPSβ¦sorta RISC-Vβ¦and sorta x87!
At USENIX Security? Then check out:
Studying the Use of CVEs in Academia, won distinguished paper award www.usenix.org/conference/u...
Discovering and Exploiting Vulnerable Tunnelling Hosts, won most innovative research Pwnie @ DEFCON www.usenix.org/conference/u...
Big thanks to all co-authors!!
I'm thrilled to announce that after months of intensive work, the complete materials for my Applied Cryptography course at the American University of Beirut are now finished: both Part 1 (Provable Security) and Part 2 (Real-World Cryptography)!
Good luck :)
Breaking: NSF is suspending roughly 300 grants with UCLA, following a DOJ finding on Tuesday that the university violated Title VI by "creating a hostile educational environment for Jewish and Israeli students."
Our research on open tunneling servers got nominated for the Most Innovative Research award :)
The work will be presented by Angelos Beitis at Black Hat and also at USENIX Security
Brief summary and code: github.com/vanhoefm/tun...
Paper: papers.mathyvanhoef.com/usenix2025-t...
Disclosure timeline is on X/twitter: reported in 2012, but no real response because it was considered theoretical. They weren't given access to a train's test track facility, so impossible to confirm ethically in practice. Devices now considered end of life. Replacement is maybe here in 2027..
Also in Poland. It was used by Russia in 2023 to stop about 20 trains.
Yikes. Turns out you can send a plaintext radio signal to cause any train in the USA to do an emergency break. The original 'security' was just a checksum, no encryption or authentication. Reporting this took them 12 years (!) because the vendor dismissed it initially www.cisa.gov/news-events/...
Reminder that the MSCA postdoctoral program exists. If you have a PhD and want to work in a European lab, you have until September to apply. Just contact them now.
ec.europa.eu/info/funding...
I somehow missed this paper. Creative work of the authors, thanks for sharing!
Senate GOP budget bill has little-noticed provision that could hurt your Wi-Fi arstechnica.com/tech-policy/... ==> Possibly no 6GHz for Wi-Fi 7
Reminder to apply to be part of the artifact evaluation committee of NDSS'26! And share with your colleagues :) We'll likely close this form around the end of next week.
All papers should publish their code. Help realize this by becoming an artifact reviewer at NDSS'26, apply here: docs.google.com/forms/d/e/1F...
You'll review artifacts of accepted papers. We especially encourage junior/senior PhD students & PostDocs to help. Distinguished reviews will get awards!