Communications of the ACM
Malware Uses WiFi BSSID for Victim Identification
A newly discovered malware strain collects an infected user's Basic Service Set Identifier, then checks it against a free database of known BSSIDs and their locations, to determine the physical location of user and their Wi-Fi access point.
Credit: Stephen Phillips
SANS Internet Storm Center's Xavier Mertens recently discovered a new malware strain that collects an infected user's Basic Service Set Identifier (BSSID), or the MAC physical address of the wireless router or access point being used to connect via Wi-Fi.
The malware checks the BSSID against a free database of known BSSIDs and the last geographical location where they have been seen, allowing the malware to determine the physical location of the Wi-Fi access point—and the victim.
Typically, malware operators check the victim's IP address against an IP-to-geo database, but the results often are inaccurate.
This new method using the BSSID potentially could be adopted by other malware operators to double-check a victim's geographical location.
Determining the victim's location is important for malware operators looking for victims inside specific countries, or those seeking to avoid infecting victims in their native country to evade law enforcement.
From ZDNet
View Full Article
Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA
No entries found