Skip to content

At The Identity Organisation, we're here to help!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    Researchers Discover Vulnerability Used for Deception and SSID Stripping

    Deception and SSID Stripping

    Researchers at AirEye have discovered a vulnerability in the way in which devices connect to wireless networks that could allow an attacker to trick a user into connecting to a malicious network. The method, dubbed “SSID Stripping,” enables attackers to create an Access Point (AP) that appears to have the exact same name as a legitimate network. The flaw affects Windows, iOS and macOS, Android, and Ubuntu.

    “Since the attacker creates a rogue AP with a name that looks exactly like the known legitimate network name, users are more likely to fall prey to this attack,” the researchers write. “Operating system vendors have put in place controls to prevent users from connecting to rogue APs displaying the same network name as legitimate networks. These controls mainly rely on the fact that the device is configured to use the same security measures, such as a certificate, every time it connects to a network name it already has in its memory. Thus, a device cannot connect to a rogue AP with the same network name since the rogue AP does not require the same security measures.”

    The vulnerability stems from the fact that certain characters aren’t displayed in the name of the network shown on the device.

    “We found out that many special characters are simply omitted from the actual display (especially those considered ‘non-printable’ characters),” the researchers explain. “For example, the NULL byte when introduced into a network name is not part of the display on Android phones. A network name of the form ‘aireye_network’ would be displayed exactly the same as ‘aireye_network.’ The same holds true for Ubuntu machines when handling a NULL byte. Other ‘non-printable’ characters have similar effects on iPhone and Mac devices. For example, the network name ‘aireye_x1cnetwork’ (with x1c representing a byte with the value 0x1C hex), is displayed exactly the same as “aireye_network.’”

    “SSID Stripping bypasses these security controls since the device itself processes the network names as they actually are, not as they are displayed,” the researchers add. “Hence, the devices do not consider the rogue AP to have the same name as the legitimate network.”

    New-school security awareness training can give your employees a healthy sense of suspicion so they can avoid falling for social engineering attacks.

    AirEye has the full story


    Request A Demo: Security Awareness Training

    products-KB4SAT6-2-1

    New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4’s security awareness training and simulated phishing platform and see how easy it can be!

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/one-on-one-demo-partners?partnerid=001a000001lWEoJAAW

    Sign Up to the TIO Intel Alerts!

    Back To Top