Jun Liang Feng
Attack on WiFi-based Location Services and SSL Using Proxy Servers
Wireless LANs, or WiFi, are very common in households and businesses today. Their wireless nature gives the user mobility and convenience, which opens up many new possibilities for mobile devices such as smartphones and tablets. One application that makes use of wireless LANs is positioning, which can be used in areas where Global Positioning Systems may have trouble functioning or may not function at all. However, a drawback of wireless communication is that it is susceptible to eavesdropping and jamming. Once the wireless signal is jammed, an attacker can set up fake access points on different channels or frequencies to impersonate a legitimate access point. In my research, this attack was performed specifically to trick WiFi-based location services that are becoming very popular nowadays, especially for mobile devices. The attack works on Skyhook, Google, Apple and Microsoft location services, four of the major location service providers, and works on dual-band hardware. Some potential countermeasures to such an attack are also proposed.
The web is an important part of many people's lives today. People expect that their privacy and confidentiality are preserved when they use the web. Previously, web traffic mostly used HTTP, which meant that traffic was unencrypted and most information was sent in plaintext that an attacker could intercept and read. This is clearly a security problem, so many websites now default to a more secure protocol, namely HTTPS, which uses HTTP with SSL, and will redirect you to the more secure version if you attempt to connect using the non-SSL version of the website. SSL works by exchanging keys between the client and server; the actual data is protected using the key and the cipher suite negotiated between the two. However, if a network uses a proxy server, it works slightly differently. The SSL connection is broken up into two separate ones, and that creates the potential for man-in-the-middle attacks that allow an attacker to intercept the data being transmitted. My research explores and implements several scenarios in which an adversary can conduct such a man-in-the-middle attack, and potential detection and mitigation methods.