Carrying over 75% of the last-mile mobile Internet traffic, WiFi has inevitably become an enticing target for various security threats. In this work, we characterize a wide variety of real-world WiFi threats at an unprecedented scale, involving 19 million WiFi access points (APs) mostly located in China, by deploying a crowdsourced security checking system on 14 million mobile devices in the wild. Leveraging the collected data, we reveal the landscape of nationwide WiFi threats for the first time. We find that the prevalence, riskiness, and breakdown of WiFi threats deviate significantly from common understandings and prior studies. In particular, we detect attacks at around 4% of all WiFi APs, uncover that most WiFi attacks are driven by an underground economy, and provide strong evidence of web analytics platforms being the bottleneck of its monetization chain. Further, we provide insightful guidance for defending against WiFi attacks at scale, and some of our efforts have already yielded real-world impact - -effectively disrupted the WiFi attack ecosystem.
|Original language||English (US)|
|Title of host publication||ACM MobiCom 2021 - Proceedings of the 27th ACM Annual International Conference On Mobile Computing And Networking|
|Publisher||Association for Computing Machinery|
|Number of pages||14|
|State||Published - Oct 11 2021|
|Event||27th ACM Annual International Conference On Mobile Computing And Networking, MobiCom 2021 - New Orleans, United States|
Duration: Oct 25 2021 → Oct 29 2021
|Name||Proceedings of the Annual International Conference on Mobile Computing and Networking, MOBICOM|
|Conference||27th ACM Annual International Conference On Mobile Computing And Networking, MobiCom 2021|
|Period||10/25/21 → 10/29/21|
Bibliographical noteFunding Information:
We sincerely thank the anonymous reviewers for their insightful and detailed comments, as well as the shepherd for guiding us through the revision process. We also appreciate Prof. Tianyin Xu for his valuable advice and participation in the early stage of the study. This work is supported in part by the National Key R&D Program of China under grant 2018YFB1004700, the National Natural Science Foundation of China (NSFC) under grants 61822205, 61632020, 61632013 and 61902211, and the Beijing National Research Center for Information Science and Technology (BNRist).
© 2021 ACM.
- threat ecosystem
- wifi & mobile security