You are here

DENIAL OF CONVENIENCE ATTACK TO SMARTPHONES USING A FAKE WI-FI ACCESS POINT

Download pdf | Full Screen View

Date Issued:
2012
Abstract/Description:
In this thesis, we consider a novel denial of service attack targeted at popular smartphone operating systems. This type of attack, which we call a Denial of Convenience (DoC) attack, prevents non-technical savvy victims from utilizing data services by exploiting the connectivity management protocol of smartphones' operating systems when encountered with a Wi-Fi access point. By setting up a fake Wi-Fi access point without Internet access (using simple devices such as a laptop), an adversary can prompt a smartphone with enabled Wi-Fi features to automatically terminate a valid mobile broadband connection and connect to this fake Wi-Fi access point. This, as a result, prevents the targeted smartphone from having any type of Internet connection unless the victim is capable of diagnosing the problem and disabling the Wi-Fi features manually. For the majority of smartphone users that have little networking knowledge, this can be a challenging task. We demonstrate that most current smartphones, including iPhone and Android phones, are vulnerable to this DoC attack. To address this attack, we propose implementing a novel Internet-access validation protocol to validate a Wi-Fi access point by taking advantage of the cellular network channel. It first uses the cellular network to send a secret to an Internet validation server, and tries to retrieve this secret via the newly established Wi-Fi channel to validate the connection of the Wi-Fi channel.
Title: DENIAL OF CONVENIENCE ATTACK TO SMARTPHONES USING A FAKE WI-FI ACCESS POINT.
25 views
8 downloads
Name(s): Dondyk, Erich, Author
Zou, Cliff, Committee Chair
University of Central Florida, Degree Grantor
Type of Resource: text
Date Issued: 2012
Publisher: University of Central Florida
Language(s): English
Abstract/Description: In this thesis, we consider a novel denial of service attack targeted at popular smartphone operating systems. This type of attack, which we call a Denial of Convenience (DoC) attack, prevents non-technical savvy victims from utilizing data services by exploiting the connectivity management protocol of smartphones' operating systems when encountered with a Wi-Fi access point. By setting up a fake Wi-Fi access point without Internet access (using simple devices such as a laptop), an adversary can prompt a smartphone with enabled Wi-Fi features to automatically terminate a valid mobile broadband connection and connect to this fake Wi-Fi access point. This, as a result, prevents the targeted smartphone from having any type of Internet connection unless the victim is capable of diagnosing the problem and disabling the Wi-Fi features manually. For the majority of smartphone users that have little networking knowledge, this can be a challenging task. We demonstrate that most current smartphones, including iPhone and Android phones, are vulnerable to this DoC attack. To address this attack, we propose implementing a novel Internet-access validation protocol to validate a Wi-Fi access point by taking advantage of the cellular network channel. It first uses the cellular network to send a secret to an Internet validation server, and tries to retrieve this secret via the newly established Wi-Fi channel to validate the connection of the Wi-Fi channel.
Identifier: CFH0004159 (IID), ucf:44838 (fedora)
Note(s): 2012-05-01
B.S.C.E.
Engineering and Computer Science, Dept. of Electrical Engineering and Computer Science
Bachelors
This record was generated from author submitted information.
Subject(s): Smartphone
Cybersecurity
Persistent Link to This Record: http://purl.flvc.org/ucf/fd/CFH0004159
Restrictions on Access: campus 2013-04-01
Host Institution: UCF

In Collections