Researchers at AirEye have discovered a vulnerability in the way in which devices connect to wireless networks that could allow an attacker to trick a user into connecting to a malicious network. The method, dubbed “SSID Stripping,” enables attackers to create an Access Point (AP) that appears to have the exact same name as a legitimate network. The flaw affects Windows, iOS and macOS, Android, and Ubuntu.
“Since the attacker creates a rogue AP with a name that looks exactly like the known legitimate network name, users are more likely to fall prey to this attack,” the researchers write. “Operating system vendors have put in place controls to prevent users from connecting to rogue APs displaying the same network name as legitimate networks. These controls mainly rely on the fact that the device is configured to use the same security measures, such as a certificate, every time it connects to a network name it already has in its memory. Thus, a device cannot connect to a rogue AP with the same network name since the rogue AP does not require the same security measures.”
The vulnerability stems from the fact that certain characters aren’t displayed in the name of the network shown on the device.
“We found out that many special characters are simply omitted from the actual display (especially those considered ‘non-printable’ characters),” the researchers explain. “For example, the NULL byte when introduced into a network name is not part of the display on Android phones. A network name of the form ‘aireye_network’ would be displayed exactly the same as ‘aireye_network.’ The same holds true for Ubuntu machines when handling a NULL byte. Other ‘non-printable’ characters have similar effects on iPhone and Mac devices. For example, the network name ‘aireye_x1cnetwork’ (with x1c representing a byte with the value 0x1C hex), is displayed exactly the same as “aireye_network.’”
“SSID Stripping bypasses these security controls since the device itself processes the network names as they actually are, not as they are displayed,” the researchers add. “Hence, the devices do not consider the rogue AP to have the same name as the legitimate network.”
New-school security awareness training can give your employees a healthy sense of suspicion so they can avoid falling for social engineering attacks.
AirEye has the full story.