Denial of Convenience Attack to Smartphones Using a Fake Wi-Fi Access Point

This paper discusses Denial of Convenience (DoC) attacks on smartphones through the use of a fake Wi-Fi access point. It examines the vulnerabilities in Wi-Fi protocols and the potential for exploiting them. The paper also proposes several defense mechanisms to counteract these attacks.

fwheeler

Presentation Transcript


  1. Denial of Convenience Attack to Smartphones Using a Fake Wi-Fi Access Point
     Erich Dondyk, Cliff C. Zou
     University of Central Florida

  2. Background
     [Figure: Cellular Channel (e.g. 3G) and Wi-Fi Channel]
     A smartphone can connect to the Internet through only one broadband channel at any particular time.

  3. Wi-Fi Advantages
     Users are encouraged to use the Wi-Fi channel when available because:
     • It is usually faster
     • Does not consume the user’s data plan
     • Does not consume the cellular provider’s bandwidth

  4. Wi-Fi Protocol Vulnerability
     The following two characteristics of the Android and iPhone Wi-Fi protocol allow for exploitation:
     • Wi-Fi protocol automatically connects (or asks the user to connect) to open Wi-Fi APs
     • Wi-Fi protocol never checks whether a Wi-Fi access point has a functioning Internet connection
       - Could stop Internet access if the AP does not work
       - Users have to know how to disable Wi-Fi to get back 3G broadband access

  5. Motivation
     • Currently, more than one third of all adults in the United States own a smartphone.
     • Many of these users are not technologically savvy enough to diagnose this type of attack and/or take corrective actions.
     • A successful Denial-of-Convenience (DoC) attack can be mounted with a simple hardware device.

  6. Attack 1: Simple Passive Wi-Fi Access Point
     Set up a Wi-Fi AP without an Internet connection
     • Implementations:
       - Wireless router without an Internet connection
       - OR -
       - Laptop/smartphone configured as a Wi-Fi AP

  7. Prototype
     Fake AP implementation using a Linux netbook with an external ALFA network adapter costing less than $30.
     The adapter has a higher power (30 dBm) than normal APs (20 dBm): it could bury a real AP that has the same SSID!

  8. Experiment of Attack 1
     The result of Attack 1 on an Android phone: (a) the connection status of the fake AP and (b) the smartphone does not have a working Internet connection because of its Wi-Fi connection with the fake AP.

  9. Defense 1: Static Identifier Validation
     • Sends a challenge to a validation server
     • Receives a response from the validation server
     • Compares a key in the validation response against a key stored in the device

  10. Experiment of Defense 1
     • The simple validation procedure can detect the fake AP used in Attack 1
     • If the AP is invalid, the Wi-Fi stack shows that the fake AP has been disabled by Wi-Fi Authenticator

  11. Attack 2: Fake Validation Response
     • Set up a fake Wi-Fi AP
     • Set up a local fake validation server (e.g., on the same laptop/smartphone)
     • Forward all probing packets to the local validation server
     • Redirect the validation challenge to a fake validation server

  12. Defense 2: Dual Channel Validation
     Before connecting to a Wi-Fi AP, send a randomly generated validation key to the validation server through the cellular 3G network.
     In the Wi-Fi channel:
     • Send a challenge to the validation server
     • Receive a response from the validation server
     • Compare the random key in the validation response against the key stored in the device

  13. Attack 3: Selective Internet Traffic Throttling
     • Allow probing packets to reach the validation server
     • Block or throttle all other data traffic

  14. Defense 3: Network Performance Monitoring
     • After connecting to a Wi-Fi AP, measure the performance of the connection
     • If it is below a predetermined threshold, transition back automatically to the cellular network

  15. Time used for Authentication

  16. Conclusion
     • DoC attacks are a threat against the two most popular smartphone operating systems, Android and iOS.
     • There are several approaches to implementing a DoC attack.
     • Defenses can be implemented to counteract each type of DoC attack considered.

  17. Questions?
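
The following simulation is an added example, not code from the presentation or its authors. It models Defense 1 (slide 9) and Defense 2 (slide 12) against the fake validation server of Attack 2 (slide 11), to show why the static key check passes behind the fake AP while the dual-channel check does not. The class names, message fields and key value are constructed for illustration, and it assumes the fake server already knows the static key.

```python
import hmac
import secrets

STATIC_KEY = "constructed-static-key"  # constructed sample value, not from the slides

class ValidationServer:
    """Genuine server (hypothetical model), reachable over cellular and the Internet."""

    def __init__(self):
        self.pending = {}  # device_id -> one-time key registered over cellular

    def register(self, device_id, key):
        # Defense 2, cellular side: store the device's freshly generated key.
        self.pending[device_id] = key

    def challenge(self, device_id):
        # Wi-Fi side: answer with the static key and the one-time key (single use).
        return {"static": STATIC_KEY, "fresh": self.pending.pop(device_id, None)}

class FakeValidationServer:
    """Local server behind the fake AP (Attack 2); it never sees cellular traffic."""

    def challenge(self, device_id):
        # Assumption: the static key is known to it; the fresh key can only be guessed.
        return {"static": STATIC_KEY, "fresh": secrets.token_hex(16)}

def static_validation(wifi_path, device_id):
    """Defense 1: compare the key in the response with the key stored on the device."""
    resp = wifi_path.challenge(device_id)
    return hmac.compare_digest(resp["static"], STATIC_KEY)

def dual_channel_validation(cellular, wifi_path, device_id):
    """Defense 2: a random key sent over cellular must come back over Wi-Fi."""
    key = secrets.token_hex(16)
    cellular.register(device_id, key)
    resp = wifi_path.challenge(device_id)
    return hmac.compare_digest(resp["fresh"] or "", key)

def run_demo():
    server, fake = ValidationServer(), FakeValidationServer()
    return {
        "defense1_real_ap": static_validation(server, "phone-1"),
        "defense1_fake_ap": static_validation(fake, "phone-1"),
        "defense2_real_ap": dual_channel_validation(server, server, "phone-1"),
        "defense2_fake_ap": dual_channel_validation(server, fake, "phone-1"),
    }

if __name__ == "__main__":
    print(run_demo())
```

The one-time key is removed from the server on first use, so a response captured on one connection attempt cannot validate a later one.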
