WiF0: All Your Passphrase Are Belong to Us

Chatzoglou, Efstratios; Kambourakis, Georgios; Kolias, Constantinos

doi:10.1109/mc.2021.3074262

Cited by 6 publications

(2 citation statements)

References 7 publications

(6 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Precisely, 5 apps of this kind were found to store sensitive information in plaintext form, including Wi-Fi passphrases and email addresses, while 3 of them exposed private information either through cleartext traffic, via the Logcat commandline tool, or both. It should be noted that Wi-Fi passphrase leakages is of major significance, given that many users tend to preserve for long periods of time the same passphrase(s) in their wireless routers [39].…”

Section: Discussionmentioning

confidence: 99%

Let the Cat out of the Bag: Popular Android IoT Apps under Security Scrutiny

Chatzoglou

Kambourakis

Smiliotopoulos

2022

Sensors

Self Cite

View full text Add to dashboard Cite

The impact that IoT technologies have on our everyday life is indisputable. Wearables, smart appliances, lighting, security controls, and others make our life simpler and more comfortable. For the sake of easy monitoring and administration, such devices are typically accompanied by smartphone apps, which are becoming increasingly popular, and sometimes are even required to operate the device. Nevertheless, the use of such apps may indirectly magnify the attack surface of the IoT device itself and expose the end-user to security and privacy breaches. Therefore, a key question arises: do these apps curtail their functionality to the minimum needed, and additionally, are they secure against known vulnerabilities and flaws? In seek of concrete answers to the aforesaid question, this work scrutinizes more than forty chart-topping Android official apps belonging to six diverse mainstream categories of IoT devices. We attentively analyse each app statically, and almost half of them dynamically, after pairing them with real-life IoT devices. The results collected span several axes, namely sensitive permissions, misconfigurations, weaknesses, vulnerabilities, and other issues, including trackers, manifest data, shared software, and more. The short answer to the posed question is that the majority of such apps still remain susceptible to a range of security and privacy issues, which in turn, and at least to a significant degree, reflects the general proclivity in this ecosystem.

show abstract

Section: Discussionmentioning

confidence: 99%

Let the Cat out of the Bag: Popular Android IoT Apps under Security Scrutiny

Chatzoglou

Kambourakis

Smiliotopoulos

2022

Sensors

Self Cite

View full text Add to dashboard Cite

show abstract

“…For instance, the work in [2,3] showcased several Denial of Service (DoS) attacks against the so-called Simultaneous Authentication of Equals (SAE), while others [4,5] indicated that the Protected Management Frames (PMF), introduced with 802.11w, are insufficient when it comes to persistent deauthentication attacks. Nevertheless, in spite of several works on 802.11 security [6][7][8], the literature lacks a full-fledged solution that can be used as a reference test platform for detecting possible latent vulnerabilities in Wi-Fi Access Points (AP) and Stations (STAs). Fuzz testing, a.k.a.…”

Section: Introductionmentioning

confidence: 99%

WPAxFuzz: Sniffing Out Vulnerabilities in Wi-Fi Implementations

et al. 2022

Self Cite

View full text Add to dashboard Cite

This work attempts to provide a way of scrutinizing the security robustness of Wi-Fi implementations in an automated fashion. To this end, to our knowledge, we contribute the first full-featured and extensible Wi-Fi fuzzer. At the time of writing, the tool, made publicly available as open source, covers the IEEE 802.11 management and control frame types and provides a separate module for the pair of messages of the Simultaneous Authentication of Equals (SAE) authentication and key exchange method. It can be primarily used to detect vulnerabilities potentially existing in wireless Access Points (AP) under the newest Wi-Fi Protected Access 3 (WPA3) certification, but its functionalities can also be exploited against WPA2-compatible APs. Moreover, the fuzzer incorporates: (a) a dual-mode network monitoring module that monitors, in real time, the behavior of the connected AP stations and logs possible service or connection disruptions and (b) an attack tool used to verify any glitches found and automatically craft the corresponding exploit. We present results after testing the fuzzer against an assortment of off-the-shelf APs by different renowned vendors. Adhering to a coordinated disclosure process, we have reported the discovered issues to the affected vendors, already receiving positive feedback from some of them.

show abstract