Connect with us

New method allows you to force the victim to connect to a malicious hotspot

Published

on

SSID Stripping method, works on devices running Windows, macOS, Ubuntu, Android and iOS.

A team of specialists from AirEye and the Israeli Technion discovered a new method that attackers can trick victims into connecting to a malicious wireless access point.

The method, dubbed SSID Stripping, works on devices running Windows, macOS, Ubuntu, Android, and iOS. The essence of the method is to manipulate the name of the wireless network controlled by hackers (SSID) so that it appears as the name of a legitimate wireless network.

Researchers have succeeded in generating three types of so-called “display errors”. One is to embed a NULL byte in the SSID, which causes Apple devices to display only part of the name preceding this byte. On Windows devices, you can use the newline character for this.

The second type of “display error” (which is the most common) can be caused by using non-printable characters. An attacker can add special characters to the SSID that will be included in the name, but will not be visible to the user. For example, the network name “aireye_x1cnetwork” (x1c is a byte with a value of 0x1C hex) is displayed the same as “aireye_network”.

In order to cause the third type of “display error”, an attacker must hide a certain part of the network name from the visible area of ​​the screen. For example, the network name “aireye_networknnnnnnnnnnnnrogue” (where “n” stands for newline) on the iPhone will display as “aireye_network” because the word “rogue” is out of sight. Together with an error of the second type, this can be used to effectively hide the suffix of the name of the malicious network.

The researchers described the issues they discovered as vulnerabilities, but the affected vendors do not appear to be dangerous. The AirEye specialists talked about their discovery to Apple, Microsoft, Google (Android) and Canonical (Ubuntu) in July this year, but they did not consider them to be a serious threat and do not plan to release patches in the near future.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Security

Top cybersecurity M&A deals in 2021

Published

on

The cybersecurity market in 2021 is incredibly hot. Information security service providers buy competitors to gain a foothold, or acquire companies to expand their offerings.

Continue Reading

Security

Want to learn how to work with cloud databases and take the DP-900 certification exam for free?

Published

on

Take a two-day training session from Microsoft on October 25 and 26.

From Microsoft experts, you will learn about the key principles of Azure services, proven approaches, and the specifics of working with relational and non-relational data.

Have time sign up for training

Continue Reading

Security

Women and minorities are more likely to be cyberattacks than other people

Published

on

Women are more likely than men to receive messages from unknown numbers containing potentially malicious links.

Demographics play a large role in how often people are victims of cybercrime. Low-income and vulnerable populations are disproportionately affected by cybercrime. As the results showed poll 5 thousand people in Germany, the UK and the US, conducted by experts from Malwarebytes, Digitunity and Cybercrime Support Network, minorities, as well as groups of people with low income and low educational level, are more likely to be victims of a cyber attack. Some groups are much more likely to face online threats.

For example, women are much more likely to receive text messages from unknown numbers containing potentially malicious links than men (79% versus 73%). Almost half (46%) of women said their social media accounts had been hacked, compared with 37% of men.

Black, Indigenous and People of Color (BIPOC) social media accounts are more likely to be attacked than whites (45% versus 40%); BIPOC populations are also more likely to experience identity theft (21% versus 15%). In fact, only 47% of BIPOC respondents escaped the financial consequences of cybercriminals.

Age is also an important factor. 36% of people aged 65 and over have been victims of credit card information theft.

21% of women and 23% of BIPOC respondents experienced “significant” stress when faced with suspicious online activity.

According to the report, the statistics are linked to the overall sense of security (or lack thereof) in cyberspace. While half of all respondents do not feel secure online and 31% do not feel safe online, the numbers are different for women. Women feel the least private online (53% versus 47% of men) and the least secure (35% versus 27% of men).

Socioeconomic class also matters. People with higher incomes (51%) feel more secure online than people with lower incomes (40%). The same is true for educational attainment – users with the highest educational attainment feel more secure (48%) than those who graduated only from college (44%) or high school (40%).

Continue Reading

Most Popular