Arise from the Wireless: Breaking the Security Barrier in Wi-Fi
Wei-Che Kao
Hexacon 2025 · Day 1 · Main Stage
In this security study presented at Hexacon, Wei-Che Kao, a security researcher from DEVCORE, examined the often-overlooked security of MediaTek Wi-Fi chips. The talk, titled "Arise from the Wireless: Breaking the Security Barrier in Wi-Fi," gave an in-depth account that ranged from reverse engineering the Wi-Fi Microcontroller Unit (MCU) firmware to uncovering critical vulnerabilities in the Wi-Fi kernel module. Kao concluded the presentation by demonstrating an exploit that achieved **remote code execution (RCE)** on a Wi-Fi router by leveraging a heap buffer overflow vulnerability.
AI review
Solid, technically grounded research into an under-scrutinized target that genuinely needed attention. Kao did the hard work — reverse engineering two distinct MCU architectures (MDS32 and Andes RISC-V with CodAns), extracting encrypted firmware via core dumps, writing custom Sleigh definitions, and ultimately delivering a working RCE exploit chain. The research covers a supply chain that touches hundreds of millions of devices, and the SoftMAC architectural insight explaining *why* the kernel module is the real attack surface is the kind of foundational framing that makes a talk land beyond…