
Evil-Twin is becoming a common attack in smart home environments where an attacker can set up a fake AP to compromise the security of the connected devices. To identify the fake APs, the current approaches to detecting Evil-Twin attacks all rely on information such as SSIDs, the MAC address of the genuine AP, or network traffic patterns. However, such information can be faked by the attacker, often leading to low detection rates and weak protection. This paper presents a novel Evil-Twin attack detection method based on the received signal strength indicator (RSSI). Our approach considers the RSSI as a fingerprint of APs and uses the fingerprint of the genuine AP to identify fake ones. We provide two schemes to detect a fake AP in two different scenarios where the genuine AP can be located at either a single or multiple locations in the property, by exploiting the multipath effect of the Wi-Fi signal. As a departure from prior work, our approach does not rely on any professional measurement devices. Experimental results show that our approach can successfully detect 90% of the fake APs, at the cost of a one-off, modest connection delay.

Smart homes consist of many intelligent automation systems which are often connected to each other and the Internet through Wi-Fi to provide the inhabitants with sophisticated monitoring and control over the property's functions. Smart homes are increasingly becoming a target for cyber attackers. Many attacks targeting smart homes exploit a technique called Evil-Twin, where an adversary sets up a rogue (i.e., Evil-Twin) access point (AP) with the same identity (or SSID) as an authorized AP, hoping that many of the wireless clients will connect to the rogue AP due to the commonly used automatic access point selection option. An adversary can use an Evil-Twin AP as a platform to launch a variety of attacks, including privacy and data theft.
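An added illustration of the RSSI-fingerprint idea described in the abstract, not the paper's own algorithm (the page does not give it): a fixed client enrolls a robust fingerprint of the genuine AP's RSSI for each known AP location and flags a same-SSID AP whose readings match none of them. The median/MAD statistic, the tolerance `k`, the function names and all sample readings are assumptions constructed for this example.

```python
import statistics

def fingerprint(samples):
    """Enroll a robust RSSI fingerprint (median, MAD) in dBm."""
    med = statistics.median(samples)
    mad = statistics.median([abs(s - med) for s in samples])
    # Floor the spread at 1 dB so a very stable enrollment is not over-strict
    # (assumed value, not taken from the paper).
    return med, max(mad, 1.0)

def matches(fp, observed, k=4.0):
    """True if the median observed RSSI is within k*MAD of the fingerprint."""
    med, mad = fp
    return abs(statistics.median(observed) - med) <= k * mad

def is_evil_twin(fingerprints, observed, k=4.0):
    """Flag an AP whose RSSI matches none of the enrolled genuine locations.

    One fingerprint covers the single-location scenario; several cover the
    scenario where the genuine AP can be at multiple locations.
    """
    return not any(matches(fp, observed, k) for fp in fingerprints)

# Constructed readings (dBm) taken by a fixed client such as a smart-home hub.
ENROLL_A = [-48, -50, -47, -49, -52, -48, -50, -49]   # genuine AP, location A
ENROLL_B = [-70, -72, -69, -71, -73, -70]             # genuine AP, location B
GENUINE_NOW = [-49, -51, -48, -50, -47]               # later scan, genuine AP
SAME_SSID_UNKNOWN = [-63, -66, -62, -65, -64]         # same SSID, other place

if __name__ == "__main__":
    single = [fingerprint(ENROLL_A)]
    multi = single + [fingerprint(ENROLL_B)]
    for name, obs in [("genuine", GENUINE_NOW), ("unknown", SAME_SSID_UNKNOWN)]:
        print(name, "single:", is_evil_twin(single, obs),
              "multi:", is_evil_twin(multi, obs))
```

Collecting the handful of readings before associating is where a one-off connection delay of the kind the abstract mentions would come from.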
