
SSID Stripping Attacks Could Lead You to Fake Access Points

Computer Science faculty at the Technion - Israel Institute of Technology, in collaboration with AirEye’s research team, have discovered a new attack method named SSID Stripping. It could be used to spoof a network name (or Service Set Identifier) with another name in a device’s list of networks to fool users.

About SSID Stripping 

SSID Stripping is a method that malicious attackers could use to fool users into connecting to fake Wireless Access Points (WAPs). It affects devices running macOS, iOS, Ubuntu, Windows, and Android.
  • Researchers have shown how an attacker can spoof the name of a wireless network. For example, a fake network SSID name will be displayed to the user as a legitimate network.
  • In this attack, a user would see a network connection with the same name as a connection they trust, although they have to manually connect to that network for the attack to work.
  • The attack bypasses security controls, as the device processes the actual name of the SSID. However, an extra string added by an attacker is not displayed to the victim on their screen.

SSID spoofing is already a known attack. However, using this new SSID Stripping technique, an attacker could more effectively fool a user into connecting to a rogue Wi-Fi connection. Further, they can steal data and monitor communications.

How does it work?

Researchers have defined three types of display errors, which they have used to describe the attack.
  • The first display error involves adding a NULL byte into the SSID. Doing so leads Apple devices to show only the part of the name that is before this byte. On Windows devices, an attacker could use newline characters (\n) for the same effect.
  • The second display error could be triggered using non-printable characters. A special character inserted into the SSID becomes part of the name without being shown to the user.
  • The last display error involves pushing a certain part of the network name outside the visible part of a device’s screen. Thus, it could be used to hide extra words of a rogue network name by pushing them outside the visible screen area.
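
As an added example (not from the article and not AirEye's tool), the three display errors above can be turned into a defensive check that compares raw SSID bytes from a scan against the names a user could end up seeing. The trusted name `CorpWiFi`, the `VISIBLE_CHARS` width and the sample SSIDs are constructed assumptions.

```python
import unicodedata

VISIBLE_CHARS = 20  # assumption: characters a network-list row shows; real UIs vary


def _drop_nonprintable(text):
    # Control (Cc) and format (Cf) characters are typically not drawn on screen.
    return "".join(c for c in text if unicodedata.category(c) not in ("Cc", "Cf"))


def display_candidates(ssid):
    """Map each display error to the name a user might see for raw SSID bytes."""
    text = ssid.decode("utf-8", errors="replace")
    return {
        "truncated at NULL byte": text.split("\x00", 1)[0],
        "truncated at newline": text.split("\n", 1)[0],
        "non-printable characters hidden": _drop_nonprintable(text),
        "tail pushed off screen": text[:VISIBLE_CHARS].rstrip(),
    }


def check_ssid(ssid, trusted):
    """Return (trusted_name, reason) pairs for an SSID that only looks trusted."""
    text = ssid.decode("utf-8", errors="replace")
    if text in trusted:
        return []  # identical name: ordinary spoofing, not stripping
    return [(shown, reason)
            for reason, shown in display_candidates(ssid).items()
            if shown in trusted]


if __name__ == "__main__":
    # Constructed scan results; "CorpWiFi" is a hypothetical trusted network name.
    scan = [b"CorpWiFi", b"CorpWiFi\x00xyz", b"CorpWiFi\nxyz",
            b"Corp\x01WiFi", b"CorpWiFi" + b" " * 14 + b"xyz", b"CoffeeShop"]
    for raw in scan:
        print(repr(raw), check_ssid(raw, {"CorpWiFi"}))
```

Any non-empty result means the raw name differs from the trusted one even though at least one rendering would show them as identical, so the comparison has to be made on the raw bytes rather than on the displayed string.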

Conclusion

The SSID stripping technique shows that wireless devices are always exposed to unknown threats. It could be a serious threat to the safety of users and organizations. For protection, AirEye has released a free tool that organizations can use to discover if their devices are exposed to SSID stripping attacks.

Cyware Publisher
