Abstract
Carrying over 75% of the last-mile mobile Internet traffic, WiFi has inevitably become an enticing target for various security threats. In this work, we characterize a wide variety of real-world WiFi threats at an unprecedented scale, involving 19M WiFi APs mostly located in China, by deploying a crowdsourced security checking system on 14M mobile devices in the wild. Leveraging the collected data, we reveal the landscape of nationwide WiFi threats for the first time. We find that the prevalence, riskiness, and breakdown of WiFi threats deviate significantly from common understandings and prior studies. In particular, we detect attacks at around 4% of all WiFi APs, uncover that most WiFi attacks are driven by an underground economy, and provide strong evidence of web analytics platforms being the bottleneck of its monetization chain. Furthermore, we provide insightful guidance for defending against WiFi attacks at scale, and some of our efforts have already yielded real-world impact, effectively disrupting the WiFi attack ecosystem.
Notes
1. A BSSID (Basic Service Set Identifier) is derived from the AP’s MAC address, and they are usually identical except when the AP supports multiple service sets [17].
References
Hetting C. New numbers: Wi-Fi share of US mobile data traffic lingers at around 75% in Q2. https://wifinowevents.com/news-and-blog/new-numbers-wi-fi-share-of-us-mobile-traffic-lingers-at-around-75/
HACKERNOON. A hacker intercepted your WiFi traffic, stole your contacts, passwords, & financial data. https://hackernoon.com/a-hacker-intercepted-your-wifi-traffic-stole-your-contacts-passwords-financial-data-heres-how-4fc0df9ff152
Cimpanu C. Hacker group has been hijacking DNS traffic on D-link routers for three months. https://www.zdnet.com/article/hacker-group-has-been-hijacking-dns-traffic-on-d-link-routers-for-three-months
Miley J. Starbucks’ free WiFi hijacked computers of customers to mine cryptocurrency. https://interestingengineering.com/starbucks-free-wifi-hijacked-computers-of-customers-to-mine-cryptocurrency
Group LNR. Arpwatch, the ethernet monitor program; for keeping track of ethernet/IP address pairings. https://ee.lbl.gov/
Ramachandran V, Nandi S (2005) Detecting ARP spoofing: an active technique. In: Proceedings of ICISS, pp 239–250
Shijia O. Security report of China public WiFi in 2017. http://www.chinadaily.com.cn/business/tech/2017-03/08/content_28474488.htm
Security T. 2018 mobile security report by tencent mobile security lab (in Chinese). https://m.qq.com/security_lab/news_detail_471.html
Greenberg A. Researchers found they could hack entire wind farms. https://www.wired.com/story/wind-turbine-hack/
Torralba C. Student admitted to ARP spoofing his school network through android device. https://www.androidauthority.com/student-admitted-to-arp-spoofing-his-school-network-through-android-device-49129/
Whitewinterwolf.com. DHCP exploitation guide. https://www.whitewinterwolf.com/posts/2017/10/30/dhcp-exploitation-guide/
Pritchett WL, De Smet D (2013) Kali Linux cookbook. Packt Publishing
Gao D, Lin H, Li Z, Qian F, Chen QA, Qian Z, Liu W, Gong L, Liu Y (2021) A nationwide census on WiFi security threats: prevalence, riskiness, and the economics. In: Proceedings of ACM MobiCom, pp 242–255
Plummer DC et al. (1982) An ethernet address resolution protocol: or converting network protocol addresses to 48.bit ethernet address for transmission on ethernet hardware. RFC 826:1–10
Stallings W, Brown L, Bauer MD, Bhattacharjee AK (2012) Computer security: principles and practice. Pearson Education, Upper Saddle River
Salgueiro P, Diaz D et al. (2011) Using constraints for intrusion detection: the NeMODe system. In: Proceedings of PADL, pp 115–129
Group IW et al. (2016) IEEE standard for wireless LAN medium access control (MAC) and physical layer (PHY) specifications. IEEE Std 802.11-2016 (Revision of IEEE Std 802.11-2012) 802(11):1–3534
Wustrow E et al. Telex: anticensorship in the network infrastructure. In: Proceedings of USENIX security, p 45
Houmansadr A, Nguyen GT, Caesar M, Borisov N (2011) Cirripede: circumvention infrastructure using router redirection with plausible deniability. In: Proceedings of ACM CCS, pp 187–200
IANA Special-use IPv4 addresses, RFC3330. Tech. rep. (2002)
Bouch A, Kuchinsky A, Bhatti N (2000) Quality is in the eye of the beholder: meeting users’ requirements for internet quality of service. In: Proceedings of ACM CHI, pp 297–304
Shneiderman B (1984) Response time and display rate in human performance with computers. ACM Comput Surv 16(3):265–285
Padmanabhan R, Owen P, Schulman A, Spring N (2015) Timeouts: beware surprisingly high delay. In: Proceedings of ACM IMC, pp 303–316
Korhonen J, Wang Y (2005) Effect of packet size on loss rate and delay in wireless links. In: Proceedings of IEEE WCNC, pp 1608–1613
Liu B, Lu C, Duan H, Liu Y, Li Z, Hao S, Yang M (2018) Who is answering my queries: understanding and characterizing interception of the DNS resolution path. In: Proceedings of USENIX security, pp 1113–1128
Maxim M, Pollino D (2002) Wireless security. McGraw-Hill/Osborne
Bellardo J, Savage S (2003) 802.11 denial-of-service attacks: real vulnerabilities and practical solutions. In: Proceedings of USENIX security, pp 2–2
Report C. Phicomm: security vulnerabilities. https://www.cvedetails.com/vulnerability-list/vendor_id-16810/Phicomm.html
Report C. Vulnerability of phicomm hotspots: CVE-2019-19117. https://cxsecurity.com/cveshow/CVE-2019-19117/
Conti M, Dragoni N, Lesyk V (2016) A survey of man in the middle attacks. IEEE Commun Surv Tutorials 18(3):2027–2051
Abad CL, Bonilla RI (2007) An analysis on the schemes for detecting and preventing ARP cache poisoning attacks. In: Proceedings of IEEE ICDCS, pp 60–60
Singh A et al. (2008) Vulnerability analysis for DNS and DHCP. In: Vulnerability analysis and defense for the internet, pp 111–124
Bruschi D, Ornaghi A, Rosti E (2003) S-ARP: a secure address resolution protocol. In: Proceedings of IEEE ACSAC, pp 66–74
Melsen T, Blake S (2006) MAC-forced forwarding: a method for subscriber separation on an ethernet access network. Tech. rep., RFC 4562
Wifi8.com. Selective broadcasting in metro station. http://www.wifi8.com/
Han H, Sheng B, Tan CC, Li Q, Lu S (2011) A timing-based scheme for rogue AP detection. IEEE Trans Parallel Distrib Syst 22(11):1912–1925
Fahl S et al. (2012) Why eve and Mallory love android: an analysis of android SSL (in)security. In: Proceedings of ACM CCS, pp 50–61
Li Z, Wang W, Wilson C, Chen J, Qian C, Jung T, Zhang L, Liu K, Li X, Liu Y (2017) FBS-radar: uncovering fake base stations at scale in the wild. In: Proceedings of NDSS
Springborn K, Barford P (2013) Impression fraud in on-line advertising via pay-per-view networks. In: Proceedings of USENIX security, pp 211–226
Congdon P, Aboba B, Smith A, Zorn G, Roese J (2003) IEEE 802.1X remote authentication dial in user service (RADIUS) usage guidelines. RFC 3580:1–30
Balakrishnan K (2018) Exponential distribution: theory, methods and applications. Routledge
Nagelkerke NJ et al. (1991) A note on a general definition of the coefficient of determination. Biometrika 78(3):691–692
Dmitry K, Roland D (2011) Application of S-shaped curves. Proc Eng 9:559–572
Von Bertalanffy L (1968) General system theory. New York 41973(1968):40
Goldfarb A, Tucker C (2011) Online display advertising: targeting and obtrusiveness. INFORMS Market Sci 30(3):389–404
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this chapter
Cite this chapter
Li, Z., Dai, Y., Chen, G., Liu, Y. (2023). Combating Nationwide WiFi Security Threats. In: Content Distribution for Mobile Internet: A Cloud-based Approach. Springer, Singapore. https://doi.org/10.1007/978-981-19-6982-9_8
DOI: https://doi.org/10.1007/978-981-19-6982-9_8
Publisher Name: Springer, Singapore
Print ISBN: 978-981-19-6981-2
Online ISBN: 978-981-19-6982-9
eBook Packages: Computer Science (R0)