122 research outputs found

    A Large-Scale Evaluation of Privacy Practices of Public WiFi Captive Portals

    Open access WiFi hotspots are widely deployed in many public places, including restaurants, parks, coffee shops, shopping malls, trains, airports, hotels, and libraries. While these hotspots provide an attractive option to stay connected, they may pose security and privacy risks to users. Several past studies focused on privacy leakage from browsing the internet or using mobile apps in an open hotspot, due to the nature of these hotspots, and the use of HTTP, as opposed to HTTPS for connections between the user device and the web service. The US Federal Trade Commission (FTC) acknowledges those risks and advises public WiFi users to take reasonable measures while using such networks. To complement previous efforts in analyzing security and privacy risks of using public WiFi hotspots, we design two comprehensive frameworks. The first framework (CPInspector) is designed to analyze the tracking behaviors and privacy leakage on public WiFi captive portals—where users typically agree to the hotspot’s terms or sometimes register before being allowed to access the internet. CPInspector performs a wide range of web tracking measurements on public WiFi captive portals for both Windows and Android; we must physically visit each hotspot and run the CPInspector on the hotspot captive portal. We also inspect the personal data collection practices of those hotspots and the security measures adopted to protect users’ information. Hotspots pose some unique risks due to their access to the users’ foot traffic, browsing habits, the device MAC address, and in certain cases, personal information such as name, email address, social media profile, location and employment history. Using CPInspector, we initially conducted a comprehensive privacy analysis of 80 public WiFi hotspot locations in Montreal, Canada. 
Our analysis reveals the collection of a significant amount of privacy-sensitive personal data through the use of social login (e.g., Facebook and Google) and registration forms, and many instances of tracking activities, sometimes even before the user accepts the hotspot’s privacy and terms of service policies. We also analyzed 98 hotspot locations in Montreal for ad injection, but we did not observe any content modification attempts. Next, we expanded our study to hotspots from other cities in Canada, Europe, and the US. We conducted a high-level comparative analysis of tracking behaviors of those hotspots (in total, 192 public WiFi hotspot locations, including Montreal hotspots). We conclude that some of our findings are indeed applicable to a larger geographical area, including the use of third-party trackers on captive portals and sharing the harvested data with third-party entities using third-party captive portals. We use the second framework to analyze hotspots’ privacy policies and terms-of-use documentation, which also discloses the service provider’s data and privacy practices. We augment our policy analysis using our collected hotspots’ datasets to validate selected privacy aspects of the public WiFi. We evaluated a sample of 16 privacy policy and TOS documents from hotspots that appear to be most risky in Montreal, Canada. Our analysis reveals many instances where the hotspot may appear to conform to privacy best practices according to its documentation but fail to implement necessary technical measures.

    Leaderboard Application as A Ranking Media for Internet Users

    The technology of utilizing hotspot networks has developed quite rapidly. In its development, internet technology uses a more flexible Mikrotik hotspot because it provides convenience for administrators and users. The object of this study is the hotspot network of Hayam Wuruk University (UHW) Perbanas. The goal is to develop a leaderboard design as a medium for monitoring internet use through the UHW Perbanas hotspot. It is applied by integrating Mikrotik with the web service API to rank internet users in three categories of activity, namely downloads, uploads, and internet usage time, for each day and month. Each of these categories has 20 users. The test method is black-box testing. The test results state that the system operates successfully, so it can be implemented in the context of decision making by the management of UHW Perbanas.

    User-side wi-fi hotspot spoofing detection on android-based devices

    A Dissertation Submitted in Partial Fulfilment of the Requirements for the Degree of Master’s in Wireless and Mobile Computing of the Nelson Mandela African Institution of Science and Technology. Network spoofing is becoming a common attack in wireless networks. Similarly, there is a rapid growth in the number of mobile devices in working environments. These trends pose a huge threat to users since they become the prime target of attackers. More unfortunately, mobile devices have weak security measures due to their limited computational powers, making them an easy target for attackers. Current approaches to detect spoofing attacks focus on personal computers and rely on the network hosts’ capacity, leaving users with mobile devices at risk. Furthermore, some approaches on Android-based devices demand root privilege, which is highly discouraged. This research aims to study users' susceptibility to network spoofing attacks and propose a detection solution in Android-based devices. The presented approach considers the difference in security information and signal levels of an access point to determine its legitimacy. On the other hand, it tests the legitimacy of the captive portal with fake login credentials since, usually, fake captive portals do not authenticate users. The detection approaches are presented in three networks: (a) open networks, (b) closed networks and (c) networks with captive portals. As a departure from existing works, this solution does not require root access for detection, and it is developed for portability and better performance. Experimental results show that this approach can detect fake access points with an accuracy of 98% and 99% at an average of 24.64 and 7.78 milliseconds in open and closed networks, respectively. On the other hand, it can detect the existence of a fake captive portal at an accuracy of 88%. Despite achieving this performance, the presented detection approach does not cover APs that do not mimic legitimate APs.
As an improvement, future work may focus on pcap files, which are rich in information to be used in detection.

    Economic drivers in security decisions in public Wi-Fi context

    This thesis investigates economic drivers in security decisions in the context of public Wi-Fi. Four sets of studies took place. The first set examined the risks of public Wi-Fi today. An experimental rogue public Wi-Fi was set up for 150 hours first in London, UK, in 2016, and then in Nara, Japan, in 2017. Sensitive data such as emails and login credentials were found to have been transmitted insecurely. The second set of studies examined decision-making and drivers influencing users to use public Wi-Fi. Participants (106 - UK, 103 - Japan) took part in scenario-based questionnaires. Findings showed that the desire to save mobile data allowance, a form of resource preservation heuristic tendency (RPHT), significantly prompted participants who regularly face mobile data constraints to use public Wi-Fi. The next study examined evidence in the wild. Participants (71 - UK only) were recruited for three months to run My Wi-Fi Choices, an Android app developed to capture factors driving the decisions to use public Wi-Fi. The results emphasised the importance of RPHT in driving users to use public Wi-Fi. Therefore, advising an individual trapped in mobile data RPHT to stop using public Wi-Fi entirely is futile. Alternative security advice is needed. This led to the last set of studies examining user decision to adopt a Virtual Private Network (VPN) app which can help to mitigate public Wi-Fi risks. Discrete choice experiments were run with 243 participants (154 - UK, 94 - Japan) to examine attributes of a VPN app affecting user decision. Various attributes of a VPN app were identified as drivers for the download and installation and the actual use of the app. Combining the knowledge gained from all studies, this thesis proposes a RPHT-decision model explaining the effects of RPHT on security decisions

    ACUTA Journal of Telecommunications in Higher Education

    In This Issue President's Message From the ACUTA CEO Wireless Challenges on Campus Snapshot: And Then There's Mass Notification Time to Deploy Wireless Security Cameras? Five Steps to Simplify and Secure BYOD Where Wireless Rules Coming Soon to Your Campus: Wireless IoT The Federal Reserve Research Grant and FISMA Compliance Managing Privacy and Security in the Age of IoT 2014 Institutional Excellence Awar

    FakeAP Detector: An Android-Based Client-Side Application for Detecting Wi-Fi Hotspot Spoofing

    This research article was published by IEEE Access, 2022. Network spoofing is becoming a common attack in wireless networks. The trend is rising due to an increase in Internet users. Similarly, there is a rapid growth in the number of mobile devices in working environments and on most official occasions. These trends pose a huge threat to users since they become the prime target of attackers. More unfortunately, mobile devices have weak security measures due to their limited computational powers. Current approaches to detect spoofing attacks focus on personal computers and rely on the network hosts’ capacity, leaving guest users with mobile devices at risk. Some approaches on Android-based devices demand root privilege, which is highly discouraged. This paper presents an Android-based client-side solution to detect the presence of fake access points in a perimeter using details collected from probe responses. Our approach considers the difference in security information and signal level of an access point (AP). We present the detection in three networks, (i) open networks, (ii) closed networks and (iii) networks with captive portals. As a departure from existing works, our solution does not require root access for detection, and it is developed for portability and better performance. Experimental results show that our approach can detect fake access points with an accuracy of 99% and 99.7% at an average of 24.64 and 7.78 milliseconds in open and closed networks, respectively.