Researchers have discovered a new attack method named SSID Stripping. It can be used to make a network name appear as a different name in a device’s list of networks, fooling users.

An attacker can spoof the name of a wireless network. SSID Stripping is a method that attackers could use to fool users into connecting to fake Wireless Access Points (WAPs). It affects devices running macOS, iOS, Ubuntu, Windows, and Android.

SSID spoofing is already a known attack. However, using the new SSID Stripping technique, an attacker could more effectively fool a user into connecting to a rogue Wi-Fi network. They can then steal data and monitor communications.

Work Methodology

Researchers have defined three types of display errors, which they use to describe the attack.

The first display error involves adding a NULL byte into the SSID. Doing so leads Apple devices to show only the part of the name that is before this byte. On Windows devices, an attacker could use newline characters (\n) for the same effect.

The second display error could be triggered using non-printable characters. An attacker can insert a special character into the SSID that becomes part of the name without being shown to the user.

The last display error involves pushing a certain part of the network name outside the visible part of a device’s screen. Thus, it could be used to hide the extra words of a rogue network name by moving them outside the visible screen area.
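For defenders, the three display errors above can be checked against the raw SSID bytes from a wireless scan. The following is an added example, not code from the researchers or from AirEye's tool; the function names, the 20-character visible width and the sample SSIDs are assumptions made for illustration.

```python
import unicodedata

# Assumption: how many characters a network picker shows before clipping.
# Real widths vary by device and UI; tune for the fleet being audited.
ASSUMED_VISIBLE_CHARS = 20
INVISIBLE = ("Cc", "Cf")  # Unicode control and format categories

def classify_ssid(raw: bytes, visible_chars: int = ASSUMED_VISIBLE_CHARS) -> dict:
    """Map a raw SSID to the display errors it could trigger and the name a user likely sees."""
    text = raw.decode("utf-8", errors="replace")
    findings = []
    # Display error 1: a NULL byte or newline cuts the displayed name short.
    cuts = [i for i in (text.find("\x00"), text.find("\n")) if i != -1]
    shown = text[:min(cuts)] if cuts else text
    if cuts:
        findings.append("truncating-byte")
    # Display error 2: characters that are part of the name but never rendered.
    if any(unicodedata.category(c) in INVISIBLE and c not in "\x00\n" for c in text):
        findings.append("non-printable")
    shown = "".join(c for c in shown if unicodedata.category(c) not in INVISIBLE)
    # Display error 3: the tail of the name falls outside the visible area.
    if len(shown) > visible_chars:
        findings.append("clipped-tail")
        shown = shown[:visible_chars]
    return {"displayed": shown.rstrip(), "findings": findings}

def find_lookalikes(scanned: list[bytes], trusted: set[str]) -> list[tuple[bytes, list[str]]]:
    """Return scanned SSIDs that would display as a trusted name while differing in raw bytes."""
    hits = []
    for raw in scanned:
        result = classify_ssid(raw)
        if result["displayed"] in trusted and raw != result["displayed"].encode("utf-8"):
            hits.append((raw, result["findings"]))
    return hits

# Constructed sample scan results (not captured from a real network).
SAMPLE_SCAN = [
    b"CorpWiFi",
    b"CorpWiFi\x00-setup",
    b"CorpWiFi\nsetup",
    "Corp\u200bWiFi".encode("utf-8"),
    b"CorpWiFi" + b" " * 16 + b"setup",
    b"CoffeeShop",
]

if __name__ == "__main__":
    for raw, findings in find_lookalikes(SAMPLE_SCAN, {"CorpWiFi"}):
        print(f"{raw!r}: {', '.join(findings)}")
```

Comparing raw bytes rather than displayed names is the point: each flagged entry would show as the trusted name in a picker while being a different network.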

Conclusion

The SSID Stripping technique shows that wireless devices are always exposed to unknown threats. It could be a serious threat to a user’s and an organization’s safety. For protection, AirEye has released a free tool that organizations can use to discover whether their devices are exposed to SSID Stripping attacks.