CHAOS: Exploiting Station Time Synchronization in 802.11 Networks
Sirus Shahini
Network and Distributed System Security (NDSS) Symposium 2025 · Day 1 · WiFi and Bluetooth Security
This talk, presented by Sirus Shahini, unveils a novel and highly stealthy **covert channel** strategy that leverages a fundamental, low-level function of Wi-Fi networks: the **Timing Synchronization Function (TSF)**. The research demonstrates how natural fluctuations in the TSF, typically considered noise, can be precisely modulated to establish a secret communication channel that is both remarkably fast and reliable. This work challenges long-held assumptions about the security of foundational Wi-Fi protocols and highlights a significant design issue within the 802.11 standard.
AI review
Genuine protocol-layer research that reframes TSF noise — previously treated as benign jitter — as a viable, high-capacity covert channel. The attack surface is inherent to 802.11 infrastructure mode, requires no firmware mods, runs on a Raspberry Pi, and has no clean patch path short of a protocol redesign. That's a real contribution.