User's location privacy concerns have been further raised by today's Wi-Fi technology omnipresence. Preferred Network Lists (PNLs) are a particularly interesting source of private location information, as devices are storing a list of previously used hotspots. Privacy implications of a disclosed PNL have been covered by numerous papers, mostly focusing on passive monitoring attacks. Nowadays, however, more and more devices no longer transmit their PNL in clear, thus mitigating passive attacks. Hidden PNLs are still vulnerable against active attacks whereby an attacker mounts a fake SSID hotspot set to one likely contained within targeted PNL. If the targeted device has this SSID in the corresponding PNL, it will automatically initiate a connection with the fake hotspot thus disclosing this information to the attacker. By iterating through different SSIDs (from a predefined dictionary) the attacker can eventually reveal a big part of the hidden PNL. Considering user mobility, executing active attacks usually has to be done within a short opportunity window, while targeting nontrivial SSIDs from user's PNL. The existing work on active attacks against hidden PNLs often neglects both of these challenges. In this paper we propose a simple mathematical model for analyzing active SSID dictionary attacks, allowing us to optimize the effectiveness of the attack under the above constraints (limited window of opportunity and targeting nontrivial SSIDs). Additionally, we showcase an example method for building an effective SSID dictionary using top-N recommender algorithm and validate our model through simulations and extensive real-life tests.
A plethora of organizations, companies, and foremost universities and educational institutions are using WPA2-Enterprise protocol to allow their end-users to connect to provided Wi-Fi networks. When both the provider’s and the end-user’s devices are configured properly, it is considered one of the safest Wi-Fi connection protocols with the added benefits of having a unique password for every Wi-Fi user. However, a known evil twin attack can be performed to steal users’ Wi-Fi login credentials, if the devices are not configured correctly. Considering the widespread use of Wi-Fi-enabled smartphones and rising concerns regarding users’ privacy, we focus on the privacy aspects of WPA2-Enterprise vulnerabilities mainly on the widespread Eduroam network. We show that device deanonymization is a concerning liability of many Eduroam networks. More than 87% of 1650 devices collected during a two-month test on our university are vulnerable to MAC address deanonymization attack. Furthermore, by analyzing the Eduroam Configuration Assistant Tool of 1066 different institutions around the world, 67% of exported Eduroam profiles having the Wi-Fi device reveal the user’s identity in the clear, thus linking the users with the device’s MAC address. Indeed, the analysis of the configuration profiles has been confirmed by performing the deanonymization attack on a large-scale international music festival in our country, where 70% of the devices have been vulnerable. Additionally, we showcase the psychological aspects of secure Eduroam users, where some are willing to modify secure configuration profiles to gain aspects to certain blocked features. As a result, the attacker is granted with user credentials and IMSI number and provided with access to all Eduroam-related services.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.