Presentation is loading. Please wait.

Presentation is loading. Please wait.

Andreas Kurtz, Felix Freiling, Daniel Metz

Published byLionel Little Modified over 6 years ago

Similar presentations

Presentation on theme: "Andreas Kurtz, Felix Freiling, Daniel Metz"— Presentation transcript:

1 Usability vs. Security: The Everlasting Trade-Off in the Context of Apple iOS Mobile Hotspots
Andreas Kurtz, Felix Freiling, Daniel Metz Friedrich Alexander University Computer Science Department Technical Report CS , June 2013 Available: Presented by Tobey Hung

2 Overview Apple smartphones can be turned into portable Wifi hotspots.
Default passwords generated are memorable BUT weak and susceptible to brute force attacks.

3 Threats Large attack surface:
- Multiple connectivity options hence many points of entry for attackers to get into the system. Types of attacks: Abuse Internet Connection Exposed Services Eavesdropping (Man-in-the-middle)

4 Password Generation Default passwords are 4-6 letters long followed by 4 numbers. - All words generated can be found from a online word list of around entries. Reverse engineering shows that passwords are generated from a front-end spell-checking service. - Only 1842 entries taken into consideration. Selection of words is skewed with some words being chosen more frequently than others. - Some words are 10 times more likely to be selected than others.

5 The Attack Attack can be simulated in 4 steps:
Identifying iOS targets. - e.g Business travellers at airports. De-authenticating wireless clients. - Forces users to re-authenticate Capture WPA handshakes. Cracking hotspot default passwords. - Offline brute force on suggestWordInLanguage() word list while invoking most commonly used words first. - CloudCracker for cloud password cracking

6 Limitations and Countermeasures
- Limited time frame. - Need to be within proximity of the hotspot. Countermeasures: - Replace default passwords with user-defined strong and secure passwords. - Hotspot switched off when not in use. - Check screen for suspicious activities e.g Unknown connected users.

7 Appreciation Authors adjust experiment to match real life scenarios:
- Adjusts time efficiency of attacks to match a realistic time frame. - Created an dedicated application “Hotspot Cracker”. - The whole cracking process can be replicated easily which can be used as a basis for future work.

8 Criticism Problem is overhyped:
- Can be fixed with a simple software update of the application as the only form of attack described is brute force. - The problem will likely to be addressed through advancement of security in future iOS systems (e.g iOS 7). Focus on the wrong aspect of the security issue. - Step 4) Password generation can be fixed easily. - But what about the other steps?

9 Question “What forms of authentications would we need to ensure secure wireless data transfer?”

Download ppt "Andreas Kurtz, Felix Freiling, Daniel Metz"

Similar presentations

SECURING WIRELESS LANS PRESENTED BY VICTOR C. NWALA CS555 Department of Computer Science Old Dominion University.

SECURING WIRELESS LANS PRESENTED BY VICTOR C. NWALA CS555 Department of Computer Science Old Dominion University.
Password Cracking, Network Sniffing, Man-in-the-Middle attacks, and Virtual Private Networks Lab 2 – Class Discussion Group 3 Ruhull Alam Bhuiyan Keon.

Password Cracking, Network Sniffing, Man-in-the-Middle attacks, and Virtual Private Networks Lab 2 – Class Discussion Group 3 Ruhull Alam Bhuiyan Keon.
Secure SharePoint mobile connectivity

Secure SharePoint mobile connectivity
Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.

Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.
CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
Dr. Sarbari Gupta Electrosoft Services Tel: (703)757-9096 Security Characteristics of Cryptographic.

Dr. Sarbari Gupta Electrosoft Services Tel: (703) Security Characteristics of Cryptographic.
Public Works and Government Services Canada Travaux publics et Services gouvernementaux Canada Password Management for Multiple Accounts Some Security.

Public Works and Government Services Canada Travaux publics et Services gouvernementaux Canada Password Management for Multiple Accounts Some Security.
Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.

Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.
How to Secure a Home Wi-Fi S. Roy. Acknowledgement In preparing the presentation slides and the lab setup, I received help from Professor Simon Ou Professor.

How to Secure a Home Wi-Fi S. Roy. Acknowledgement In preparing the presentation slides and the lab setup, I received help from Professor Simon Ou Professor.
Sales Guide V1.00 Andy Wu Jan, 2012. Product Introduction Product Positioning The Use Scenario Competitor Analysis.

Sales Guide V1.00 Andy Wu Jan, Product Introduction Product Positioning The Use Scenario Competitor Analysis.
Directory and File Transfer Services Chapter 7. Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP.

Directory and File Transfer Services Chapter 7. Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP.
The Internet and World Wide Web.  Understand how the Internet evolved  Describe common Internet communication methods and activities  Setting up your.

The Internet and World Wide Web.  Understand how the Internet evolved  Describe common Internet communication methods and activities  Setting up your.
1/28/2010 Network Plus Security Review Identify and Describe Security Risks People –Phishing –Passwords Transmissions –Man in middle –Packet sniffing.

1/28/2010 Network Plus Security Review Identify and Describe Security Risks People –Phishing –Passwords Transmissions –Man in middle –Packet sniffing.
Wireless Networking Concepts By: Forrest Finkler Computer Science 484 Networking Concepts.

Wireless Networking Concepts By: Forrest Finkler Computer Science 484 Networking Concepts.
1 C-DAC/Kolkata C-DAC All Rights Reserved www.cdackolkata.in Computer Security.

1 C-DAC/Kolkata C-DAC All Rights Reserved Computer Security.
Doc.: IEEE 802.11-11-1250-00-00ai Submission Paul Lambert, Marvell Security Review and Recommendations for IEEE802.11ai Fast Initial Link Setup Author:

Doc.: IEEE ai Submission Paul Lambert, Marvell Security Review and Recommendations for IEEE802.11ai Fast Initial Link Setup Author:
Done By : Ahmad Al-Asmar Wireless LAN Security Risks and Solutions.

Done By : Ahmad Al-Asmar Wireless LAN Security Risks and Solutions.
Copyright Security-Assessment.com 2005 Wireless Security by Nick von Dadelszen.

Copyright Security-Assessment.com 2005 Wireless Security by Nick von Dadelszen.

Similar presentations

Ads by Google