Presentation on theme: "LISTING ACCESS POINT ON TOP OF THE LIST Hacking access point users By Uttam Gurung."— Presentation transcript:
LISTING ACCESS POINT ON TOP OF THE LIST Hacking access point users By Uttam Gurung
WIRELESS NETWORK AND DEVICES Wireless devices are common in todays world. Smartphones, tablets and ultra-books are connecting people to internet more than ever. Cheap and easier to use wireless routers has made it easy for user to connect to internet easily. Neighborhood is getting crowded by new access points added frequently. Wireless networks are secured and are password protected but there are other means to hack sensitive and private data, and access point passwords.
LISTING ACCESS POINT Operating Systems display list of available access points in different orders Windows 8 operating system lists available APs sorted by the strength of the wireless signal of access point IPad OS lists available APs sorted by the name of the APs. Windows Phone 8 OS displays the list of APs according to the strength of wireless signal. Can these listing behaviors be used by Hackers to their advantage to make users connect to the Honeypot AP and access private data? Can the same listing behavior be used to gain access to password of the legit access point?
ASSUMPTIONS OF THE RESEARCH Users can be fooled to connect to the access point, named similar to access point known to the user and listing it on top of the list. User will try to connect to the access point on top of the list even if they are unsecured, but has almost same name.
HARDWARE AND SOFTWARE Router: Linksys WRT54G Router Router Firmware: dd-wrt.v24-12548_NEWD_mini Proxy Server: Modified version of http proxy written by Fábio Domingues High gain 802.11 WIFI antenna: Vertical Omni-Directional 15 dB Omni Directional Antenna Operating System used for Experiment: The proxy server was ran on Raspberry Pi (Tiny ARM Computer) with Raspbian wheezy OS installed, which is an optimized version of Debian for Raspberry Pi.
CONTROLLED EXPERIMENT Experimented was performed in a household with three family members and two friends; age range from 19 to 28 Each users were given different devices to connect to the internet, each devices were reset and were not connected to any network by default. Dot was added to the name of targeted access point to list it on top of access point list displayed by IPad. AP with name.Upower was created to target legit access point Upower. Three out of five IPad users connected to the honeypot AP, fooled by how the name looked exact same and listed on top of crowded list. The legit Access Points strength was decreased to list the honeypot access point on top of AP list displayed by Windows 8 and Windows Phone 8 OS.
CONTROLLED EXPERIMENT Three out of five user in Windows 8 Operating System connected to honeypot access point. It was hard to put access point on top of the list as windows 8 list them sorted by wireless signal strength. None of the Windows Phone 8 operating system.
CONTROLLED EXPERIMENT IPad listing of access point..Upower is honeypot Upower is legit access point.
CONTROLLED EXPERIMENT Windows 8 listing of access point. Unsecure Upower and secure UPower are honeypot Secure Upower is legit access point.
CONTROLLED EXPERIMENT Windows 8 Phone list of Access Points
UNCONTROLLED EXPERIMENT One secured and another unsecured honeypot access points were created. Each honeypot access point were named similar to the targeted access point. Honeypot access point name was changed everyday to target different access points in neighborhood. Names were added dot on front to put it on top of the list of OS that sorted list by name. The high gain antenna were used to gain advantage over targeted access point to list the honeypot access point on top of the list for the OS that sorted the list by strength.
UNCONTROLLED EXPERIMENT Legit AP in Neighborho od Unsecured honeypot AP with DOT in beginning of AP name Secured Honeypot AP with exact same name as legit AP Unsecured honeypot AP with exact same name as legit AP Test1 60127 Test2 301013 Test3 48919 Test4 63124 Test5 2557 Test6 1020
CONCLUSION Normal users connect to the Access Point that has almost exact name as their own Access Point or the Access Point they are asked to connect to and appears on top of the list. Hackers can use the name of access point to plan coordinated attack to fool user on connecting to honeypot Same method can be used to fool legit user of secured access point to give password to hacker. Hackers access point can be programmed to log the login attempt and store the password as fooled user tried to login using real password.
REMEDIES Default behavior of access point broadcasting the SSID can be turned off The wireless devices can be manually configured to connect to an access point This step does not provide 100% security against the attack as hackers can detect SSID by detecting different messages in Wi-Fi protocol. Still, using techniques like SSID broadcast disable makes it more likely that would-be intruders will bypass the access point, seeking easier targets