Mathy Vanhoef

Hacker at heart | Discovered KRACK and FragAttacks | Prof. Computer Science at @KU_Leuven (Belgium) | Did Postdoc at NYUAD | Network Security & Applied Crypto | Open to consultancy
Website: https://www.mathyvanhoef.com
GitHub: https://github.com/vanhoefm
Twitter: https://twitter.com/vanhoefm
YouTube: https://youtube.com/@vanhoefm

We found that Wi-Fi client isolation can often be bypassed. This allows an attacker who can connect to a network, either as a malicious insider or by connecting to a co-located open network, to attack others.

NDSS'26 paper: https://www.ndss-symposium.org/wp-content/uploads/2026-f1282-paper.pdf
GitHub: https://github.com/vanhoefm/airsnitch

High-level article on the work by Dan Goodin: https://arstechnica.com/security/2026/02/new-airsnitch-attack-breaks-wi-fi-encryption-in-homes-offices-and-enterprises/ I'd say we bypass Wi-Fi encryption though, in the sense that we can bypass client isolation. We don't break Wi-Fi authentication or encryption. Crypto is often bypassed instead of broken. And we bypass it ;) If you don't rely on client/network isolation, you are safe: we can't just break any Wi-Fi network.

Been working on some interesting mobile security research lately? 📱🔬 Submit it to Black Hat Europe, the CFP deadline is August 11. Speaker honorarium + travel to London 🎡💂🏼‍♀️🏙️ are covered!

I'm the Mobile track lead this year and happy to chat if you've got questions about what we're looking for in submissions.

https://europe-briefings-cfp.blackhat.com

Black Hat Europe 2025 Briefings

At USENIX Security? Then check out:

Studying the Use of CVEs in Academia, won distinguished paper award https://www.usenix.org/conference/usenixsecurity25/presentation/schloegel

Discovering and Exploiting Vulnerable Tunnelling Hosts, won most innovative research Pwnie @ DEFCON https://www.usenix.org/conference/usenixsecurity25/presentation/beitis

Big thanks to all co-authors!! #usenixsecurity

Our research on open tunneling servers got nominated for the Most Innovative Research award :)

The work will be presented by Angelos Beitis at Black Hat and also at USENIX Security

Brief summary and code: https://github.com/vanhoefm/tunneltester
Paper: https://papers.mathyvanhoef.com/usenix2025-tunnels.pdf

Disclosure timeline is on X/twitter: reported in 2012, but no real response because it was considered theoretical. They weren't given access to a train's test track facility, so impossible to confirm ethically in practice. Devices now considered end of life. Replacement is maybe here in 2027..

Yikes. Turns out you can send a plaintext radio signal to cause any train in the USA to do an emergency brake. The original 'security' was just a checksum, no encryption or authentication. Reporting this took them 12 years (!) because the vendor dismissed it initially https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-10

The attempts by law enforcement & governments to subvert end-to-end encryption are ongoing. The European Commission is going to spend a year thinking about their new "Roadmap for law enforcement access to data", and they are (genuinely) asking for people to join their expert group to help. Here I urge you to join that group (also because I can't): https://berthub.eu/articles/posts/possible-end-to-end-to-end-come-help/

Possible End to End to End Encryption: Come Help - Bert Hubert's writings

tl;dr: The European Commission is honestly asking for experts to advise them on ways to institute “effective and lawful access to data for law enforcement”. If you are an expert, I urge you to apply to join this group. You have until September 1st. Do read on for more details! The never-ending battle where police and intelligence services demand more/total access to communications shows no sign of stopping, even in the face of mathematical and practical impossibilities.

Reminder to apply to be part of the artifact evaluation committee of NDSS'26! And share with your colleagues :) We'll likely close this form around the end of next week. https://docs.google.com/forms/d/e/1FAIpQLSdQGc5NsZnYqEW7MQw4ciXOc0UIIP4cxSo82WQxJpej42qlKA/viewform
Self-nomination for the Artifact Evaluation Committee of NDSS 2026

We are looking for members of the Artifact Evaluation Committee (AEC) of NDSS 2026. The Network and Distributed System Security symposium adopts an Artifact Evaluation (AE) process allowing authors to submit an artifact alongside accepted papers. The artifact may include source code, scripts, datasets, models, test suites, benchmarks, and/or any other material underlying the paper's contributions. The AE process aims to promote the reproducibility of experimental results and the dissemination of artifacts. Publishing an artifact immediately benefits how easily peers can build on it, use it as a comparison point, or solve questions about cases not considered by the original authors. The AEC reviews artifacts for how they may empower others for follow-up work and allows them to reproduce the results from the original paper. AEC membership in a top-tier venue can be very attractive for early-career researchers working in areas covered by NDSS. Notably, you may gain reviewing experience by critically reading about first-class research, and learn how to package experiments neatly (as well as what to expect when you will be an artifact author). We anticipate the AEC will consist mainly of experienced graduate students and postdocs. Junior students and young faculty members are also welcome to apply. As the work of the AEC takes place entirely online, you can be located anywhere in the world. 
The AE of NDSS comprises two rounds according to the following schedule:

Summer cycle
Artifact registration deadline: Tue, 8 Jul 2025
Artifact submission deadline: Mon, 14 Jul 2025
Kick-the-tires stage (preliminary questions for authors): Fri, 18 Jul 2025 to Fri, 25 Jul 2025
<in-depth reviewing - includes sending preliminary reviews for authors and online AEC discussions>
Artifact decisions: Mon, 8 Sep 2025

Fall cycle
Artifact registration deadline: Mon, 27 Oct 2025
Artifact submission deadline: Fri, 31 Oct 2025
Kick-the-tires stage (preliminary questions for authors): Tue, 4 Nov 2025 to Fri, 13 Nov 2025
<in-depth reviewing - includes sending preliminary reviews for authors and online AEC discussions>
Artifact decisions: Mon, 15 Dec 2025

AEC members commit to serve for both cycles and to be responsive and active during the entire evaluation period. They are expected to bid for the artifacts they would like to review, to read the associated papers, to evaluate their assigned artifacts in depth, and in general to be available until each notification deadline. When submitting your self-nomination, please ensure you will have sufficient time and availability (e.g., holidays and other commitments) for the AEC during the two AE periods July 8th to September 8th 2025 and October 27th to December 15th 2025. The expected workload is 2 reviews for the Summer submission cycle and 3 for the Fall cycle. We estimate you will need 10-15 hours to assess each artifact.

Additional details will be made available on the AE website: https://secartifacts.github.io/ndss2026/

We look forward to working with you!
- NDSS 2026 Artifact Evaluation co-chairs Mathy Vanhoef (KU Leuven) and Daniele Antonioli (EURECOM)

All papers should publish their code. Help realize this by becoming an artifact reviewer at NDSS'26, apply here: https://docs.google.com/forms/d/e/1FAIpQLSdQGc5NsZnYqEW7MQw4ciXOc0UIIP4cxSo82WQxJpej42qlKA/viewform

You'll get to review artifacts of accepted top papers. We especially encourage junior/senior PhD students & PostDocs to help.

Awards will be given to distinguished reviewers.

New version of the IEEE 802.11 standard that underpins Wi-Fi has been released. A total of 5969 pages!

The number of pages clearly keeps increasing. That includes more features to defend networks, but also more features to potentially abuse 👀