Andreas Kurtz, Felix Freiling, Daniel Metz

Slides:

Advertisements

Similar presentations

SECURING WIRELESS LANS PRESENTED BY VICTOR C. NWALA CS555 Department of Computer Science Old Dominion University.

Advertisements

Password Cracking, Network Sniffing, Man-in-the-Middle attacks, and Virtual Private Networks Lab 2 – Class Discussion Group 3 Ruhull Alam Bhuiyan Keon.

Secure SharePoint mobile connectivity

Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

Dr. Sarbari Gupta Electrosoft Services Tel: (703) Security Characteristics of Cryptographic.

Public Works and Government Services Canada Travaux publics et Services gouvernementaux Canada Password Management for Multiple Accounts Some Security.

Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.

How to Secure a Home Wi-Fi S. Roy. Acknowledgement In preparing the presentation slides and the lab setup, I received help from Professor Simon Ou Professor.

Sales Guide V1.00 Andy Wu Jan, Product Introduction Product Positioning The Use Scenario Competitor Analysis.

Directory and File Transfer Services Chapter 7. Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP.

The Internet and World Wide Web.  Understand how the Internet evolved  Describe common Internet communication methods and activities  Setting up your.

1/28/2010 Network Plus Security Review Identify and Describe Security Risks People –Phishing –Passwords Transmissions –Man in middle –Packet sniffing.

Wireless Networking Concepts By: Forrest Finkler Computer Science 484 Networking Concepts.

1 C-DAC/Kolkata C-DAC All Rights Reserved Computer Security.

Doc.: IEEE ai Submission Paul Lambert, Marvell Security Review and Recommendations for IEEE802.11ai Fast Initial Link Setup Author:

Done By : Ahmad Al-Asmar Wireless LAN Security Risks and Solutions.

Copyright Security-Assessment.com 2005 Wireless Security by Nick von Dadelszen.

CWSP Guide to Wireless Security Chapter 2 Wireless LAN Vulnerabilities.

WEP Protocol Weaknesses and Vulnerabilities

Network Security Lecture 8 Presented by: Dr. Munam Ali Shah.

.  Define risk and risk management  Describe the components of risk management  List and describe vulnerability scanning tools  Define penetration.

Enforcing Cyber security in Mobile Applications – Public Sector Use Case SAPHINA MCHOME, VIOLA RUKIZA TANZANIA REVENUE AUTHORITY INFORMATION AND COMMUNICATION.

Mitch Parks, GSEC/GCWN ITS Desktop Security Analyst

How Safe are They?. Overview Passwords Cracking Attack Avenues On-line Off-line Counter Measures.

Securing Passwords Against Dictionary Attacks Presented By Chad Frommeyer.

Basics of testing mobile apps

Lesson 10: Configuring Network Settings MOAC : Configuring Windows 8.1.

Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.

NETWORKING & SYSTEM UPDATES

"Using An Enhanced Dictionary to Facilitate Auditing Techniques Related to Brute Force SSH and FTP Attacks" Ryan McDougall St. Cloud State University

Securing A Wireless Home Network. Simple home wired LAN.

Big Picture This semester we work on connecting STEP-L model and L-thia model;. STEP-L L-thia missouri.agriculture.purdue.edu.

Usability vs. Security: The Everlasting Trade-Off in the Context of Apple iOS Mobile Hotspots Andreas Kurtz, Felix Freiling, Daniel Metz Technical Report.

Password Cracking COEN 252 Computer Forensics. Social Engineering Perps trick Law enforcement, private investigators can ask. Look for clues: Passwords.

KNOW SOME LATEST TRENDS IN MOBILE APPLICATION DEVELOPMENT INDIA VertexPlus Softwares.

 Things you may not know…  Why should we be secure?  How to secure your computer  Security Types.

Module Overview Overview of Wireless Networks Configure a Wireless Network.

Version of the document: 1.01 Software Version CBox: v3.7.1 Hardware Version CBox: C5 Remote Access Configuration Client Language: English.

Understand Wireless Security LESSON Security Fundamentals.

PDF Recovery Tool Fix Portable Document File Format.

Secure Networks It’s not just for your office Dial-In Number: Meeting Number:

Presented by: Harlow & Harlow, LLP

Network security Vlasov Illia

Instructor Materials Chapter 6 Building a Home Network

FactoryTalk® ViewPoint With FactoryTalk® View SE

Written by : Thomas Ristenpart, Eran Tromer, Hovav Shacham,

Firewall – Survey Purpose of a Firewall Characteristic of a firewall

Joe, Larry, Josh, Susan, Mary, & Ken

3.2 Virtualisation.

CompTIA IT Fundamentals Study Guide (FC0-U51)

Teaching Computing to GCSE

Strong Authentication and Single Sign-On (SSO) for Health Care

FIXMYWIFI EXTENDER. STEP 1: OPEN THE DEVICE FROM THE PACKED BOX, THEN CONNECT THE ANTENNA TO THE DEVICE, AFTER COMPLETING THE PROCESS OF CONNECTING.

Ways to Secure CMS Websites. The most widely used Content Management Systems are Wordpress, Joomla and Drupal as per statistics. The highest CMS platforms.

Information Technology Services Education and Awareness Team

Extended Authentication Protocol (EAP) Vulnerabilities exploited through Rogue Access Points Stephen Cumella.

Advanced Penetration testing

Lesson 16-Windows NT Security Issues

NEW PRODUCT INTRODUCTION CONEKT™ Mobile Smartphone Access Control Identification Solution June 2018.

Chapter 7 – and 8 pp 155 – 202 of Web security by Lincoln D. Stein

Information Technology Services Education and Awareness Team

Agenda The current Windows XP and Windows XP Desktop situation

LM 5. Wireless Network Security

Introduction to Networking Security

Provide secure environment for online assessment with Moodle – POC.

Bethesda Cybersecurity Club

Presentation transcript:

Usability vs. Security: The Everlasting Trade-Off in the Context of Apple iOS Mobile Hotspots Andreas Kurtz, Felix Freiling, Daniel Metz Friedrich Alexander University Computer Science Department Technical Report CS-2013-02, June 2013 Available: https://www1.cs.fau.de/filepool/projects/hotspot/hotspot.pdf Presented by Tobey Hung

Overview Apple smartphones can be turned into portable Wifi hotspots. Default passwords generated are memorable BUT weak and susceptible to brute force attacks.

Threats Large attack surface: - Multiple connectivity options hence many points of entry for attackers to get into the system. Types of attacks: Abuse Internet Connection Exposed Services Eavesdropping (Man-in-the-middle)

Password Generation Default passwords are 4-6 letters long followed by 4 numbers. - All words generated can be found from a online word list of around 52500 entries. Reverse engineering shows that passwords are generated from a front-end spell-checking service. - Only 1842 entries taken into consideration. Selection of words is skewed with some words being chosen more frequently than others. - Some words are 10 times more likely to be selected than others.

The Attack Attack can be simulated in 4 steps: Identifying iOS targets. - e.g Business travellers at airports. De-authenticating wireless clients. - Forces users to re-authenticate Capture WPA handshakes. Cracking hotspot default passwords. - Offline brute force on suggestWordInLanguage() word list while invoking most commonly used words first. - CloudCracker for cloud password cracking

Limitations and Countermeasures - Limited time frame. - Need to be within proximity of the hotspot. Countermeasures: - Replace default passwords with user-defined strong and secure passwords. - Hotspot switched off when not in use. - Check screen for suspicious activities. e.g Unknown connected users.

Appreciation Authors adjust experiment to match real life scenarios: - Adjusts time efficiency of attacks to match a realistic time frame. - Created an dedicated application “Hotspot Cracker”. - The whole cracking process can be replicated easily which can be used as a basis for future work.

Criticism Problem is overhyped: - Can be fixed with a simple software update of the application as the only form of attack described is brute force. - The problem will likely to be addressed through advancement of security in future iOS systems (e.g iOS 7). Focus on the wrong aspect of the security issue. - Step 4) Password generation can be fixed easily. - But what about the other steps?

Question “What forms of authentications would we need to ensure secure wireless data transfer?”