
Communications of the ACM

ACM TechNews

Malware Uses WiFi BSSID for Victim Identification



A newly discovered malware strain collects an infected user's Basic Service Set Identifier (BSSID), then checks it against a free database of known BSSIDs and their locations to determine the physical location of the user and their Wi-Fi access point.

Credit: Stephen Phillips

SANS Internet Storm Center's Xavier Mertens recently discovered a new malware strain that collects an infected user's Basic Service Set Identifier (BSSID), which is the MAC (physical) address of the wireless router or access point being used to connect via Wi-Fi.

The malware checks the BSSID against a free database of known BSSIDs and the last geographical location where they have been seen, allowing the malware to determine the physical location of the Wi-Fi access point—and the victim.

Typically, malware operators check the victim's IP address against an IP-to-geo database, but the results often are inaccurate.

This new method using the BSSID potentially could be adopted by other malware operators to double-check a victim's geographical location.

Determining the victim's location is important for malware operators looking for victims inside specific countries, or those seeking to avoid infecting victims in their native country to evade law enforcement.

From ZDNet

 

Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA


 
