WPFD: Active User-Side Detection of Evil Twins

Hsu, Fu-Hau; Wu, Min-Hao; Hwang, Yanling; Lee, Chia-Hao; Wang, Chuansheng; Chang, Ting-Cheng

doi:10.3390/app12168088

Cited by 5 publications

(1 citation statement)

References 33 publications

(47 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Simpler mechanisms for mitigating this type of vulnerability, but which are still vulnerable to misconfiguration, include network segmentation and the use of authentication methods to restrict connections to rogue access points without proper digital certificates. Current methods for detecting evil twin attacks rely on various types of device information, such as MAC addresses or SSID names [34,35], signal strength indicators (RSSIs) [36,37] and network traffic analysis, including TCP/IP header inspection [38], monitoring changes in Simple Network Management Protocol (SNMP) MIBs like tcpActiveOpens, tcpPassiveOpens, and tcpAttemptFails, and the use of access control lists [39]. Murugesan K. et al [40] pointed out that evil twin access points can enable an attacker to conduct further attacks, such as man-in-the-middle, flooding the network with useless data, denial of service, and service disruption.…”

Section: Evil Twin Exploitation Techniquementioning

confidence: 99%

Exploitation Techniques of IoST Vulnerabilities in Air-Gapped Networks and Security Measures—A Systematic Review

Hamada,

Kuzminykh

2023

Signals

View full text Add to dashboard Cite

IP cameras and digital video recorders, as part of the Internet of Surveillance Things (IoST) technology, can sometimes allow unauthenticated access to the video feed or management dashboard. These vulnerabilities may result from weak APIs, misconfigurations, or hidden firmware backdoors. What is particularly concerning is that these vulnerabilities can stay unnoticed for extended periods, spanning weeks, months, or even years, until a malicious attacker decides to exploit them. The response actions in case of identifying the vulnerability, such as updating software and firmware for millions of IoST devices, might be challenging and time-consuming. Implementing an air-gapped video surveillance network, which is isolated from the internet and external access, can reduce the cybersecurity threats associated with internet-connected IoST devices. However, such networks can also be susceptible to other threats and attacks, which need to be explored and analyzed. In this work, we perform a systematic literature review on the current state of research and use cases related to compromising and protecting cameras in logical and physical air-gapped networks. We provide a network diagram for each mode of exploitation, discuss the vulnerabilities that could result in a successful attack, demonstrate the potential impacts on organizations in the event of IoST compromise, and outline the security measures and mechanisms that can be deployed to mitigate these security risks.

show abstract