Updated wifi devices may not fall for pineap/mana/etc.

[PoSHMagiC0de]

So, I was playing with scapy with working on cloaking beacons and forging my own probe requests and responses when I noticed something from my Pixel that was updated to Pi 9.1 and other devices in the area.  A bunch of devices were not probing for individual aps but instead doing wildcard probes.  I can see this impeding attacks that spoof responses for open access points that are probed to induce a connection.  Just an fyi.  Take a look in wireshark while monitoring wifi to see for yourself.  Filter by probe requests...or use scapy to find type 0 and subtype 4.

[i8igmac]

I have notice this a few years ago when I made a pi mana mobile box. ( not the frame in wire shark but the lack of connectivity )

 

during the testing around my house I notice the samsung s5 and other Old android devices would connect but anything newer didn't.

 

I drove around expecting hundreds of connections but not the case.

 

People replace phones rather quickly these days and automatic updates are becoming more frequent.

[Just_a_User]

3 hours ago, PoSHMagiC0de said:

A bunch of devices were not probing for individual aps but instead doing wildcard probes

Could it be the open network detection? or maybe google location services using wifi maybe?

On my last update (only 8.1) i noticed a wifi rating provider option, i can only select google as a provider - after looking it up it seems it rates wifi networks for speed informing users before connection. that could also highlight pineapple AP's if they dont have a rating at all. Wonder if that can be spoofed with a mac address/location copy tho.

Interesting times

[PoSHMagiC0de]

Nah, I seen this from new iphones too.  Probing for a 0 length SSID.  Was watching in wireshark and scapy.  I even put a few open spots on my phone on purpose but will not probe for those, just 0 length ssid which wireshark calls a wildcard.

[Colincolin343]

what does that mean for us