Mathy Vanhoef
@vanhoefm.bsky.social
Prof. @KU_Leuven | Research in Network & Software Security | Known for WPA2 KRACK attack, Dragonblood, and FragAttacks | Open to consultancy | Ex-Postdoc NYU
Disclosure timeline is on X/twitter: reported in 2012, but no real response because it was considered theoretical. They weren't given access to a train's test track facility, so impossible to confirm ethically in practice. Devices now considered end of life. Replacement is maybe here in 2027..
July 12, 2025 at 12:45 PM
Disclosure timeline is on X/twitter: reported in 2012, but no real response because it was considered theoretical. They weren't given access to a train's test track facility, so impossible to confirm ethically in practice. Devices now considered end of life. Replacement is maybe here in 2027..
Reposted by Mathy Vanhoef
Also in Poland. It was used by Russia in 2023 to stop about 20 trains.
Suspicious Train Disruptions in Poland: Is Russia Pulling the Levers? | RAILTARGET
Over the past weekend, Poland experienced an unusual series of train stoppages that have raised serious national security concerns.
www.railtarget.eu
July 12, 2025 at 12:23 PM
Also in Poland. It was used by Russia in 2023 to stop about 20 trains.
I somehow missed this paper. Creative work of the authors, thanks for sharing!
July 7, 2025 at 10:25 PM
I somehow missed this paper. Creative work of the authors, thanks for sharing!
I saw that too.. good luck with the submission!
June 6, 2025 at 1:10 PM
I saw that too.. good luck with the submission!
The Wi-Fi Alliance test plan is something I haven't seen myself... it's indeed annoying to get familiar with the big picture. Though I would say that the Dragonfly RFC can be ignored, the full description is in the IEEE 802.11 standard, and 802.11 contains updates to the side-channel leaks etc.
June 1, 2025 at 3:15 AM
The Wi-Fi Alliance test plan is something I haven't seen myself... it's indeed annoying to get familiar with the big picture. Though I would say that the Dragonfly RFC can be ignored, the full description is in the IEEE 802.11 standard, and 802.11 contains updates to the side-channel leaks etc.
So the WPA3 document is basically "support these features of the 802.11 standard, and some minor extensions in that document, and then you can call yourself WPA3" + some best practices
May 27, 2025 at 9:57 PM
So the WPA3 document is basically "support these features of the 802.11 standard, and some minor extensions in that document, and then you can call yourself WPA3" + some best practices