EvilDirect: A New Wi-Fi Direct Hijacking Attack and Countermeasures

2017 IEEE. In this paper, we first show that Group Owner (GO) devices in Wi-Fi Direct are vulnerable to the EvilDirect attack. In the EvilDirect attack, a rogue GO is set up by an adversary to look like the legitimate GO (with the same MAC address, SSID, and operating channel). The adversary intercepts the clients' invitation requests and accepts them before the legitimate GO. Accordingly, the adversary hijacks the wireless communications between the clients and the legitimate GO. To defend against the EvilDirect attack, we propose the idea of exploiting the received signal strength (RSS) variations on the wireless channel between each client and the legitimate GO. Our solution, EvilDirectHunter checks whether the RSS profiles of both the client and the potential GO devices are similar with each other. Both devices incrementally prove this similarity by exchanging challenge and response packets. EvilDirectHunter is evaluated by implementing it as an Android App, and by modifying the Android kernel code responsible for Wi- Fi Direct in Google Nexus 5 and Samsung Galaxy S2 smartphones. The results show that EvilDirectHunter is able, within seconds, to identify EvilDirect attacks with a high detection rate (100%) while maintaining a low false positive rate (4.5%).

2017 26th International Conference on Computer Communication and Networks (ICCCN)

2017 26TH INTERNATIONAL CONFERENCE ON COMPUTER COMMUNICATION AND NETWORKS (ICCCN 2017)

EvilDirect: A New Wi-Fi Direct Hijacking Attack and Countermeasures Conference Paper