Paper Info
Title
Passwords in the Air: Harvesting Wi-Fi Credentials from SmartCfg Provisioning.
Abstract
Smart devices without an interactive UI (e.g., a smart bulb) typically rely on specific provisioning schemes to connect to wireless networks. Among all the provisioning schemes, SmartCfg is a popular technology to configure the connection between smart devices and wireless routers. Although the SmartCfg technology facilitates the Wi-Fi configuration, existing solutions seldom take into serious consideration the protection of credentials and therefore introduce security threats against Wi-Fi credentials. This paper conducts a security analysis against eight SmartCfg based Wi-Fi provisioning solutions designed by different wireless module manufacturers. Our analysis demonstrates that six manufacturers provide flawed SmartCfg implementations that directly lead to the exposure of Wi-Fi credentials: attackers could exploit these flaws to obtain important credentials without any substantial efforts on brute-force password cracking. Furthermore, we keep track of the smart devices that adopt such Wi-Fi provisioning solutions to investigate the influence of the security flaws on real world products. Through reversely analyzing the corresponding apps of those smart devices we conclude that the flawed SmartCfg implementations constitute a wide potential impact on the security of smart home ecosystems.
Year
DOI
Venue
2018
10.1145/3212480.3212496
WiSec '18: 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks Stockholm Sweden June, 2018
Keywords
Field
DocType
Smart devices, Wi-Fi provisioning
Wireless network,Password cracking,Computer security,Computer science,Computer network,Home automation,Implementation,Provisioning,Exploit,Security analysis,Password
Conference
ISBN
Citations 
PageRank 
978-1-4503-5731-9
2
0.38
References 
Authors
9
7
Name
Order
Citations
PageRank
Changyu Li1100.95
Quanpu Cai220.38
Juanru Li317924.07
Hui Liu4253.70
Yuanyuan Zhang5335.18
Dawu Gu6644103.50
Yu Yu721930.37