A Proof of MITM Vulnerability in Public WLANs Guarded by Captive Portal

Abstract

In this paper, A lot of public areas provide the WLAN service for nomadic users so that they can finish the tasks even when they are out of office. Therefore, the security of public WLANs is more important than past. Nowadays many public WLANs service providers the Captive Portal to authenticate users. The Captive Portal uses a webpage to request a user to authenticate himself by providing his own username and password. This security mechanism proved to be simple and effective because users cannot access Internet before they get authenticated. However, in this paper, we shall illustrate that for public WLANS which are guarded by Captive Portal, will be vulnerable to man-in-the- middle attacks. Therefore, a hacker can careful send out some spoofing packets and take advantage of the public WLAN to access Internet without being authenticated. We show the vulnerability by both protocol analysis and a real implementation in C programs.