
Denial of Convenience Attack to Smartphones Using a Fake Wi-Fi Access Point Erich Dondyk, Cliff C. Zou University of Central Florida.


1 Denial of Convenience Attack to Smartphones Using a Fake Wi-Fi Access Point Erich Dondyk, Cliff C. Zou University of Central Florida

2 Background
A smartphone can connect to the Internet through only one broadband channel at any particular time.
Channels: Wi-Fi channel, cellular channel (e.g. 3G)

3 Wi-Fi Advantages
Users are encouraged to use the Wi-Fi channel when available because:
1) It is usually faster
2) It does not consume the user’s data plan
3) It does not consume the cellular provider’s bandwidth

4 Wi-Fi Protocol Vulnerability
The following two characteristics of the Android and iPhone Wi-Fi protocol allow for the exploit:
1) The Wi-Fi protocol automatically connects (or asks the user to connect) to open Wi-Fi APs
2) The Wi-Fi protocol never checks whether a Wi-Fi access point has a functioning Internet connection
- Could stop Internet access if the AP does not work
- Users have to know how to disable Wi-Fi to get back 3G broadband access

5 Motivation
- Currently, more than one third of all adults in the United States own a smartphone.
- Many of these users are not technologically savvy enough to diagnose this type of attack and/or take corrective actions.
- Mounting a successful Denial-of-Convenience (DoC) attack can be achieved with a simple hardware device.

6 Attack 1: Simple Passive Wi-Fi Access Point
Set up a Wi-Fi AP without an Internet connection.
Implementations:
- Wireless router without an Internet connection
- OR -
- Laptop/smartphone configured as a Wi-Fi AP

7 Prototype
Fake AP implementation using a Linux netbook with an external ALFA network adapter costing less than $30.
The adapter has a higher power (30 dBm) than normal APs (20 dBm): it could bury a real AP that has the same SSID!

8 Experiment of Attack 1
The result of Attack 1 on an Android phone: (a) the connection status of the fake AP and (b) the smartphone does not have a working Internet connection because of its Wi-Fi connection with the fake AP.

9 Defense 1: Static Identifier Validation
1) Sends a challenge to a validation server
2) Receives a response from the validation server
3) Compares a key in the validation response against a key stored in the device

10 Experiment of Defense 1
- The simple validation procedure can detect the fake AP used in Attack 1
- If the AP is invalid, the Wi-Fi stack shows that the fake AP has been disabled by Wi-Fi Authenticator

11 Attack 2: Fake Validation Response
Redirect the validation challenge to a fake validation server.
1) Set up a fake Wi-Fi AP
2) Set up a local fake validation server (e.g., on the same laptop/smartphone)
3) Forward all probing packets to the local validation server

12 Defense 2: Dual Channel Validation
1) Before connecting to a Wi-Fi AP, send a randomly generated validation key to the validation server through the cellular 3G network
In the Wi-Fi channel:
2) Send a challenge to the validation server
3) Receive a response from the validation server
4) Compare the random key in the validation response against the key stored in the device
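The following Python model is an added example, not code from the presentation: it runs Defense 1 and Defense 2 against a working AP, the passive AP of Attack 1 and the local fake server of Attack 2, showing why a static key can be answered locally while a random key registered over the cellular channel cannot. All class, function and key names are hypothetical, and the fake server is assumed to know the static key.

```python
import hmac
import secrets

STATIC_KEY = "constructed-static-key"  # constructed sample value, not from the slides

class ValidationServer:
    """Genuine validation server (hypothetical model), reachable via the Internet."""
    def __init__(self):
        self.pending = {}                      # device_id -> random key

    def register(self, device_id, key):        # Defense 2 step 1, over cellular
        self.pending[device_id] = key

    def respond(self, device_id):              # answers a challenge sent over Wi-Fi
        return {"static": STATIC_KEY, "random": self.pending.pop(device_id, None)}

def fake_local_server(device_id):
    """Attack 2: server on the fake AP. Assumed to know the static key, but it
    never sees what the phone sent over the cellular channel."""
    return {"static": STATIC_KEY, "random": None}

def passive_ap(device_id):
    """Attack 1: AP with no Internet connection, so the challenge gets no reply."""
    return None

def static_validation(wifi_path, device_id):
    """Defense 1: compare the key in the response with the key stored on the device."""
    resp = wifi_path(device_id)
    return resp is not None and hmac.compare_digest(resp["static"], STATIC_KEY)

def dual_channel_validation(server, wifi_path, device_id):
    """Defense 2: a fresh random key goes out over cellular and must return over Wi-Fi."""
    key = secrets.token_hex(16)
    server.register(device_id, key)            # step 1: cellular channel
    resp = wifi_path(device_id)                # steps 2-3: Wi-Fi channel
    echoed = resp.get("random") if resp else None
    return echoed is not None and hmac.compare_digest(echoed, key)   # step 4

def evaluate():
    """Run both defenses against a working AP, Attack 1 and Attack 2."""
    server = ValidationServer()
    paths = {"working AP": server.respond, "attack 1": passive_ap,
             "attack 2": fake_local_server}
    return {name: (static_validation(path, "phone-1"),
                   dual_channel_validation(server, path, "phone-1"))
            for name, path in paths.items()}

if __name__ == "__main__":
    for name, (d1, d2) in evaluate().items():
        print(f"{name}: Defense 1 accepts={d1}, Defense 2 accepts={d2}")
```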

13 Attack 3: Selective Internet Traffic Throttling
1) Allow probing packets to reach the validation server
2) Block or throttle all other data traffic

14 Defense 3: Network Performance Monitoring
1) After connecting to a Wi-Fi AP, measure the performance of the connection
2) If it is below a predetermined threshold, transition back automatically to the cellular network

15 Time used for Authentication

16 Conclusion
- DoC attacks are a threat against the two most popular smartphone operating systems, Android and iOS.
- There are several approaches to implementing a DoC attack.
- Defenses can be implemented to counteract each type of DoC attack considered.

17 Questions?

