SSID Stripping method, works on devices running Windows, macOS, Ubuntu, Android and iOS.
A team of experts from AirEye and the Israeli Technion have discovered a new method by which attackers can trick a victim into connecting to a malicious wireless access point.
The method, dubbed SSID Stripping, works on devices running Windows, macOS, Ubuntu, Android, and iOS. The essence of the method is to manipulate the name (SSID) of a wireless network controlled by the attackers so that it appears as the name of a legitimate wireless network.
Researchers have succeeded in generating three types of so-called "display errors". One is to embed a NULL byte in the SSID, which causes Apple devices to display only the part of the name preceding this byte. On Windows devices, the newline character can be used for this.
The second type of "display error" (which is the most common) can be caused by using non-printable characters. An attacker can add special characters to the SSID, which will be included in the name, but will not be visible to the user. For example, the network name "aireye_x1cnetwork" (x1c is a byte with a value of 0x1C hex) is displayed the same as "aireye_network".
In order to cause a "display error" of the third type, an attacker must hide a certain part of the network name from the visible area of the screen. For example, the network name "aireye_networknnnnnnnnnnnnrogue" (where "n" stands for newline) on the iPhone will display as "aireye_network" because the word "rogue" is out of sight. Together with an error of the second type, this can be used to effectively hide the suffix of the name of the malicious network.
The researchers described the issues they discovered as vulnerabilities, but the affected vendors do not appear to consider them dangerous. The AirEye specialists reported their discovery to Apple, Microsoft, Google (Android) and Canonical (Ubuntu) in July this year, but the vendors did not consider the issues a serious threat and do not plan to release patches in the near future.
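Since no patches are planned, the check has to happen on the monitoring side. The following is an added example, not code from the researchers or from the original post: it takes raw SSID bytes from a wireless scan and flags names whose displayed form collides with a trusted name through any of the three display errors described above. The names `TRUSTED_SSIDS`, `visible_form` and `classify` and the sample scan data are assumptions made for illustration, and the rendering model is an approximation of the behaviour the post describes.

```python
import unicodedata

# Constructed allow-list: SSIDs the organisation actually operates.
TRUSTED_SSIDS = {"aireye_network"}

def visible_form(ssid: bytes) -> str:
    """Approximate what a network picker shows for the raw SSID bytes."""
    text = ssid.decode("utf-8", errors="replace")
    # Types 1 and 3: a NULL byte or newline cuts the name off or pushes
    # the remainder out of the visible area.
    for cut in ("\x00", "\n", "\r"):
        text = text.split(cut, 1)[0]
    # Type 2: control/format characters (Unicode Cc/Cf) occupy no space.
    return "".join(c for c in text
                   if unicodedata.category(c) not in ("Cc", "Cf"))

def classify(ssid: bytes) -> str:
    """Return trusted, stripping-lookalike, hidden-bytes or unknown."""
    shown = visible_form(ssid)
    try:
        exact = ssid.decode("utf-8")
    except UnicodeDecodeError:
        exact = None  # invalid UTF-8 can never match a trusted name
    if exact in TRUSTED_SSIDS:
        return "trusted"
    if shown in TRUSTED_SSIDS:
        # Looks like a trusted network but the bytes differ.
        return "stripping-lookalike"
    if exact is None or shown != exact:
        # Carries bytes the user cannot see; worth logging.
        return "hidden-bytes"
    return "unknown"

# Constructed scan results, using the names quoted in the post.
SAMPLE_SCAN = [
    b"aireye_network",
    b"aireye_network\x00rogue",             # type 1: NULL byte
    b"aireye_\x1cnetwork",                  # type 2: non-printable 0x1C
    b"aireye_network" + b"\n" * 12 + b"rogue",  # type 3: pushed off-screen
    b"CoffeeShop",
]

def scan_report(scan=SAMPLE_SCAN):
    return [(ssid, classify(ssid)) for ssid in scan]

if __name__ == "__main__":
    for ssid, verdict in scan_report():
        print(f"{ssid!r:45} {verdict}")
```

Comparing raw bytes against the allow-list, not the rendered string, is what makes the difference: all three crafted names render as "aireye_network" but none matches it byte for byte.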