Hackers Use SSID Stripping to Trick Users Into Joining Rogue Apps

Hackers Use SSID Stripping
Share It On:

10th October 2021, Kathmandu

With the development of new danger entertainers and their most recent assault vectors, the cyber threat scene is bigger than anticipated. Security specialists from AirEye as of late uncovered a new hacking strategy, named SSID Stripping, which could be utilized to fool accidental clients into associating with fake remote organizations.

What is SSID Stripping?

In a joint examination with Technion, AirEye uncovered that dangerous entertainers could control the name of a remote organization, especially the SSID (Service Set Identifier), to show as a genuine organization to the clients. SSID Stripping empowers assailants to fool clients into interfacing with maverick Wi-Fi networks set up by them. Clients associated with these organizations would become defenseless against gadget compromise, malware assaults, and information burglaries.

As a general rule, Wi-Fi networks are recognized dependent on their organization name, officially known as SSID. The SSID goes about as the essential identifier for a client to discover and associate with a particular organization. Various gadgets give distinctive organization names, which are additionally called Access Points (APs).

The SSID Stripping technique had all the earmarks of being a serious security danger, as it impacts a few organizations and gadgets running on Windows, macOS, Ubuntu, Android, and iOS. “The SSID distributed by any AP nearby a remote customer is handled by that customer – whether or not there is any trust between the customer gadget and the AP. Thus an assailant might endeavor to remember pernicious payload inside the SSID for an endeavor to take advantage of a weak customer execution,” AirEye said.

Discoveries

The examination found three sorts of “show blunders” utilizing which assailants change/control the organization names. These include:

Show Error 1 – A presentation of just a prefix of the genuine organization names.

Show Error 2 – Omissions of certain characters from the showcase name.

Show Error 3 – Some characters are pushed outside of the noticeable part of the presentation name.

Effects

Cybercriminals can utilize SSID Stripping to perform different assaults, which incorporates:

  • Making a more powerful maverick Access Point (AP), effectively misdirecting the client into interfacing with a rebel organization.
  • Joining an assault inside an organization name without raising doubts from a client or framework administrators.
  • Conveying a malevolent code on gadgets in the maverick organization.
  • Observing or taking touchy data from compromised gadgets.
  • Step-by-step instructions to Check for SSID Stripping Vulnerability.

AirEye has delivered a free Windows-based device, named Hide ‘n Seek, utilizing which clients and associations can confirm in case they’re helpless against the SSID Stripping assault.

“The device distributes various organization names utilizing SSID Stripping strategies, in view of the first SSID that the client gives. Clients would then be able to discover how these organization names are shown on the different gadgets in their association to get a feeling of how weak their current circumstance is,” AirEye added.


Share It On:

Recent Posts

56 Companies Declare Dividends: NEPSE Dividend Update 2023/24 – Cash and Bonus Shares Breakdown

56 Companies Declare Dividends: NEPSE Dividend Update 2023/24 – Cash

Share It On:7th December 2024, Kathmandu  A total of 56 companies and mutual funds listed on the Nepal Stock Exchange

Samsung Unveils One UI 7: Redefining the Smartphone Experience with Powerful AI and Intuitive Design

Samsung Unveils One UI 7: Redefining the Smartphone Experience with

Share It On:7th December 2024, Kathmandu  Samsung Nepal announced the public release of the One UI 7 beta program, boasting

Sanima Bank’s 20th Anniversary Celebration: Community-Focused Blood Drive Promotes Health and CSR Initiatives

Sanima Bank’s 20th Anniversary Celebration: Community-Focused Blood Drive Promotes Health

Share It On:7th December 2024, Kathmandu Sanima Bank has jointly organized a blood donation program with Community Service Center-Naxal, Community

MAW Vriddhi Expands EV Presence in Birgunj: Launch of New Showroom and Exciting Test Drive Camp

MAW Vriddhi Expands EV Presence in Birgunj: Launch of New

Share It On:6th December 2024, Kathmandu MAW Vriddhi Motors Pvt. Ltd. the authorized importer of Dongfeng Nammi and Seres has

NIBL Invests in Nepal Hydropower Project: Supporting Electro Power’s 44 MW Green Energy Initiative

NIBL Invests in Nepal Hydropower Project: Supporting Electro Power’s 44

Share It On:6th December 2024, Kathmandu NIBL Equity Partners, a private equity firm focused on fostering sustainable businesses, has signed

Samsung TV 2024 Cashback Offer: Enjoy 4K Cricket Experience with Up to 31% Off

Samsung TV 2024 Cashback Offer: Enjoy 4K Cricket Experience with

Share It On:6th December 2024, Kathmandu With the historic first season of the Nepal Premiere League cricket commencing in full