Systems and methods for detecting potentially illegitimate wireless access points

US 9,913,201 B1
Filed: 01/29/2015
Issued: 03/06/2018
Est. Priority Date: 01/29/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for detecting potentially illegitimate wireless access points, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:

determining a geographic location of a known wireless access point that provides access to a legitimate wireless network by identifying at least one additional wireless network within a range of the known wireless access point while the computing device is connected to the known wireless access point;

detecting an attempt by the computing device to automatically connect to a wireless access point that resembles the known wireless access point by determining that;

the computing device has transmitted a probe request frame to connect to the known wireless access point that contains an identifier of the known wireless access point; and

the computing device has received, from the wireless access point, a probe response frame in response to the probe request frame that alleges the known wireless access point is available;

determining a current geographic location of the computing device by identifying at least a portion of the wireless networks within a range of the wireless access point;

determining that the current geographic location of the computing device is beyond a certain distance from the geographic location of the known wireless access point by determining that the additional wireless network within the range of the known wireless access point is not within the range of the wireless access point; and

determining, based at least in part on the current geographic location of the computing device being beyond the certain distance from the geographic location of the known wireless access point, that the wireless access point is falsely alleging to be the known wireless access point, wherein the wireless access point falsely alleges to be the known wireless access point by;

extracting the identifier of the known wireless access point from within the probe request frame transmitted by the computing device; and

including the identifier of the known wireless access point within the probe response frame sent to the computing device.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosed computer-implemented method for detecting potentially illegitimate wireless access points may include (1) detecting an attempt by the computing device to automatically connect to a wireless access point that resembles a known wireless access point whose geographic location is stored by the computing device, (2) identifying a current geographic location of the computing device, (3) determining that the current geographic location of the computing device is beyond a certain distance from the geographic location of the known wireless access point, and then (4) determining, based at least in part on the determination that the current geographic location of the computing device is beyond the certain distance from the geographic location of the known wireless access point, that the wireless access point is potentially illegitimate. Various other methods, systems, and computer-readable media are also disclosed.

32 Citations

View as Search Results

20 Claims

1. A computer-implemented method for detecting potentially illegitimate wireless access points, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- determining a geographic location of a known wireless access point that provides access to a legitimate wireless network by identifying at least one additional wireless network within a range of the known wireless access point while the computing device is connected to the known wireless access point;
  
  detecting an attempt by the computing device to automatically connect to a wireless access point that resembles the known wireless access point by determining that;
  
  the computing device has transmitted a probe request frame to connect to the known wireless access point that contains an identifier of the known wireless access point; and
  
  the computing device has received, from the wireless access point, a probe response frame in response to the probe request frame that alleges the known wireless access point is available;
  
  determining a current geographic location of the computing device by identifying at least a portion of the wireless networks within a range of the wireless access point;
  
  determining that the current geographic location of the computing device is beyond a certain distance from the geographic location of the known wireless access point by determining that the additional wireless network within the range of the known wireless access point is not within the range of the wireless access point; and
  
  determining, based at least in part on the current geographic location of the computing device being beyond the certain distance from the geographic location of the known wireless access point, that the wireless access point is falsely alleging to be the known wireless access point, wherein the wireless access point falsely alleges to be the known wireless access point by;
  
  extracting the identifier of the known wireless access point from within the probe request frame transmitted by the computing device; and
  
  including the identifier of the known wireless access point within the probe response frame sent to the computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein determining the geographic location of the known wireless access point is performed prior to detecting the attempt to automatically connect to the wireless access point.
  - 3. The method of claim 2, further comprising storing the geographic location of the known wireless access point within the computing device.
  - 4. The method of claim 1, wherein:
    - determining the geographic location of the known wireless access point further comprises at least one of;
      
      querying a Global Positioning System (GPS) device within the computing device; and
      
      analyzing an internet protocol address of the computing device; and
      
      determining the current geographic location of the computing device further comprises at least one of;
      
      querying the GPS device within the computing device; and
      
      analyzing a current internet protocol address of the computing device.
  - 5. The method of claim 4, wherein determining that the current geographic location of the computing device is beyond the certain distance from the geographic location of the known wireless access point further comprises determining that the current geographic location of the computing device exceeds a certain radius from the geographic location of the known wireless access point.
  - 6. The method of claim 1, wherein identifying the additional wireless network within the range of the known wireless access point is performed in response to determining that the computing device is not equipped with a functional geolocation system.
  - 7. The method of claim 1, further comprising blocking access to the wireless access point in response to determining that the wireless access point is falsely alleging to be the known wireless access point.
  - 8. The method of claim 1, further comprising prompting a user of the computing device to manually decide whether to connect to the wireless access point in response to determining that the wireless access point is falsely alleging to be the known wireless access point.
  - 9. The method of claim 1, further comprising:
    - detecting an attempt by the computing device to automatically connect to an additional wireless access point that resembles the known wireless access point;
      
      identifying an additional current geographic location of the computing device;
      
      determining that the additional current geographic location of the computing device is within the certain distance from the geographic location of the known wireless access point; and
      
      in response to determining that the additional current geographic location of the computing device is within the certain distance from the geographic location of the known wireless access point, enabling the computing device to connect to the additional wireless access point.
  - 10. The method of claim 1, wherein detecting the attempt by the computing device to automatically connect to the wireless access point that resembles the known wireless access point comprises determining that the computing device is configured to transmit probe request frames to connect to the known wireless access point at predetermined intervals.
  - 11. The method of claim 1, wherein the wireless access point transmits the probe response frame in response to intercepting the probe request frame transmitted by the computing device.

12. A system for detecting potentially illegitimate wireless access points, the system comprising:
- a determination module, stored in memory, that determines a geographic location of a known wireless access point that provides access to a legitimate wireless network by identifying at least one additional wireless network within a range of the known wireless access point while a computing device is connected to the known wireless access point;
  
  a detection module, stored in memory, that detects an attempt by the computing device to automatically connect to a wireless access point that resembles the known wireless access point by determining that;
  
  the computing device has transmitted a probe request frame to connect to the known wireless access point that contains an identifier of the known wireless access point; and
  
  the computing device has received, from the wireless access point, a probe response frame in response to the probe request frame that alleges the known wireless access point is available;
  
  an identification module, stored in memory, that determines a current geographic location of the computing device by identifying at least a portion of the wireless networks within a range of the wireless access point;
  
  wherein the determination module;
  
  determines that the current geographic location of the computing device is beyond a certain distance from the geographic location of the known wireless access point by determining that the additional wireless network within the range of the known wireless access point is not within the range of the wireless access point; and
  
  determines, based at least in part on the current geographic location of the computing device being beyond the certain distance from the geographic location of the known wireless access point, that the wireless access point is falsely alleging to be the known wireless access point, wherein the wireless access point falsely alleges to be the known wireless access point by;
  
  extracting the identifier of the known wireless access point from within the probe request frame transmitted by the computing device; and
  
  including the identifier of the known wireless access point within the probe response frame sent to the computing device; and
  
  at least one processor that executes the detection module, the identification module, and the determination module.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The system of claim 12, wherein the determination module determines the geographic location of the known wireless access point prior to the detection module detecting the attempt to automatically connect to the wireless access point.
  - 14. The system of claim 13, wherein the determination module further stores the geographic location of the known wireless access point within the computing device.
  - 15. The system of claim 14, wherein:
    - the determination module further identifies the geographic location of the computing device by at least one of;
      
      querying a GPS device within the computing device; and
      
      analyzing an internet protocol address of the computing device; and
      
      the identification module further identifies the current geographic location of the computing device by at least one of;
      
      querying the GPS device within the computing device; and
      
      analyzing a current internet protocol address of the computing device.
  - 16. The system of claim 15, wherein the determination module further determines that the current geographic location of the computing device is beyond the certain distance from the geographic location of the known wireless access point by determining that the current geographic location of the computing device exceeds a certain radius from the geographic location of the known wireless access point.
  - 17. The system of claim 12, wherein the determination module identifies the additional wireless network within the range of the known wireless access point in response to determining that the computing device is not equipped with a functional geolocation system.
  - 18. The system of claim 12, wherein the detection module detects the attempt by the computing device to automatically connect to the wireless access point that resembles the known wireless access point by determining that the computing device is configured to transmit probe request frames to connect to the known wireless access point at predetermined intervals.
  - 19. The system of claim 12, wherein the wireless access point transmits the probe response frame in response to intercepting the probe request frame transmitted by the computing device.

20. A non-transitory computer-readable medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- determine a geographic location of a known wireless access point that provides access to a legitimate wireless network by identifying at least one additional wireless network within a range of the known wireless access point while the computing device is connected to the known wireless access point;
  
  detect an attempt by the computing device to automatically connect to a wireless access point that resembles the known wireless access point by determining that;
  
  the computing device has transmitted a probe request frame to connect to the known wireless access point that contains an identifier of the known wireless access point; and
  
  the computing device has received, from the wireless access point, a probe response frame in response to the probe request frame that alleges the known wireless access point is available;
  
  determine a current geographic location of the computing device by identifying at least a portion of the wireless networks within a range of the wireless access point;
  
  determine that the current geographic location of the computing device is beyond a certain distance from the geographic location of the known wireless access point by determining that the additional wireless network within the range of the known wireless access point is not within the range of the wireless access point; and
  
  determine, based at least in part on the current geographic location of the computing device being beyond the certain distance from the geographic location of the known wireless access point, that the wireless access point is falsely alleging to be the known wireless access point, wherein the wireless access point falsely alleges to be the known wireless access point by;
  
  extracting the identifier of the known wireless access point from within the probe request frame transmitted by the computing device; and
  
  including the identifier of the known wireless access point within the probe response frame sent to the computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gen Digital Inc.
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Harmon, Justin
Primary Examiner(s)
Zee, Edward
Assistant Examiner(s)
Nguy, Chi

Application Number

US14/608,218
Time in Patent Office

1,132 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/1416   Event detection, e.g. attac...

H04W 12/12   Detection or prevention of ...

H04W 12/122   Counter-measures against at...

H04W 12/63   Location-dependent; Proximi...

H04W 4/023   using mutual or relative lo...

H04W 48/04   based on user or terminal l...

H04W 88/08   Access point devices

Systems and methods for detecting potentially illegitimate wireless access points

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

32 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Systems and methods for detecting potentially illegitimate wireless access points

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others