Hacker’s Toolbox: Detecting Software-Based 802.11 Evil Twin Access Points

Lanze, Fabian; Panchenko, Andriy; Ponce-Alcaide, Ignacio; Engel, Thomas

Reference : Hacker’s Toolbox: Detecting Software-Based 802.11 Evil Twin Access Points


	Document type :	Scientific congresses, symposiums and conference proceedings : Paper published in a book
	Discipline(s) :	Engineering, computing & technology : Computer science
	To cite this reference:	http://hdl.handle.net/10993/20445

Title :	Hacker’s Toolbox: Detecting Software-Based 802.11 Evil Twin Access Points
Language :	English
Author, co-author :	Lanze, Fabian [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	Panchenko, Andriy [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	Ponce-Alcaide, Ignacio [University of Malaga]
	Engel, Thomas [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
Publication date :	2015
Main document title :	Proceedings of the 12th Annual IEEE Consumer Communications & Networking Conference (CCNC 2015)
Peer reviewed :	Yes
Event name :	12th Annual IEEE Consumer Communications & Networking Conference
Event date :	from 09-01-2015 to 12-01-2015
Event place (city) :	Las Vegas
Event country :	USA
Abstract :	[en] The usage of public Wi-Fi hotspots has become a common routine in our everyday life. They are ubiquitous and offer fast and budget-friendly connectivity for various client devices. However, they are exposed to a severe security threat: since 802.11 identifiers (SSID, BSSID) can be easily faked, an attacker can setup an evil twin, i.e., an access point (AP) that users are unable to distinguish from a legitimate one. Once a user connects to the evil twin, he inadvertently creates a playground for various attacks such as collection of sensitive data (e.g., credit card information, passwords) or man-in-the-middle attacks even on encrypted traffic. It is particularly alarming that this security flaw has led to the development of several tools that are freely available, easy to use and allow mounting the attack from commodity client devices such as laptops, smartphones or tablets without attracting attention. In this paper we provide a detailed overview of tools that have been developed (or can be misused) to set up evil twin APs. We inspect them thoroughly in order to identify characteristics that allow them to be distinguished from legitimate hardware-based access points. Our analysis has discovered three methods for detecting software-based APs. These exploit accuracy flaws due to emulation of hardware behavior or peculiarities of the client Wi-Fi hardware they operate on. Our evaluation with 60 hardware APs and a variety of tools on different platforms reveals enormous potential for reliable detection. Furthermore, our methods can be performed on typical client hardware within a short period of time without even connecting to a potentially untrustworthy access point.
Permalink :	http://hdl.handle.net/10993/20445

File(s) associated to this reference

Fulltext file(s):

	File	Commentary	Version	Size	Access
Limited access	CCNC_CAMERA_READY.pdf		Author preprint	783.29 kB	Request a copy

All documents in ORBi^lu are protected by a user license.

University of Luxembourg Library | Feedback | Legal notices