Title: Wi-Fi access denial of service attack to smartphones

Authors: Erich Dondyk; Louis Rivera; Cliff C. Zou

Addresses: Department of Electrical Engineering and Computer Science, University of Central Florida, 4000 Central Florida Blvd., Orlando, FL 32816, USA ' Department of Electrical Engineering and Computer Science, University of Central Florida, 4000 Central Florida Blvd., Orlando, FL 32816, USA ' Department of Electrical Engineering and Computer Science, University of Central Florida, 4000 Central Florida Blvd., Orlando, FL 32816, USA

Abstract: This paper presents a novel denial-of-service attack targeted at popular smartphones. This type of attack, which we call a Denial-of-Convenience (DoC) attack, prevents non-technical savvy victims from utilising data services by exploiting the Wi-Fi connectivity protocol of smartphones. By setting up a fake Wi-Fi access point without internet access, an attacker can prompt a smartphone to automatically terminate a valid mobile broadband connection. Thus, preventing the targeted smartphone from having internet access unless the victim is capable of identifying the attack and manually disable the Wi-Fi features. We demonstrate that most popular smartphones, including Android and iPhone phones, are vulnerable to DoC attacks. To address this attack we propose, implement, and evaluate a novel validation protocol that uses the cellular network to send a secret key phrase to an internet validation server. Then, attempts to retrieve it via the newly established Wi-Fi channel to validate the Wi-Fi access point.

Keywords: denial-of-service; wi-fi access; mobile platforms; Androids; iPhones; DoS attacks; smartphones; denial-of-convenience; DoC attacks; validation protocol; secret key phrases; mobile broadband connection; network security.

DOI: 10.1504/IJSN.2013.057698

International Journal of Security and Networks, 2013 Vol.8 No.3, pp.117 - 129

Published online: 19 Nov 2013 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article