This app is for those, who are tired of being kicked from the network by WifiKill. And for those, who are a little bit paranoid, because they know it's quite easy to read the Wi-Fi traffic with tools like DroidSheep, ettercap, FaceNiff, Cain & Abel and others. Such programs use the same technique to prevent you from accessing the network or to sniff your data. You can defend yourself with a single app.
What is Wifi Protector?
Wifi Protector is a Android security app specifically designed to detect and prevent ARP spoofing attacks against your phone in Wi-Fi networks.
How does it work?
Wifi Protector is continuously monitoring network related parameters. When abnormal behaviour is detected, an alert is triggered. The type of alert can be configured. Detection, basic protection and alert work on all phones. On rooted phones it is also possible to reconfigure the phone to make it immune against the attack.
You can download the attached free version or get it for free from Google Play (mobile link).
Comments, questions, bug reports are welcome.
If you find the app useful please donate to this Bitcoin address: 19jqzdWFYTf5KZKnS6CJfG9vMX86ghysJQ
Q: What is a MAC address?
A: The Media Access Control address is a hardware address of a network interface. Every device in the (Wifi) network has a unique MAC address.
Q: What is ARP?
A: ARP stands for Address Resolution Protocol. When two devices want to communicate via Internet Protocol (IP) in a (Wifi) network they need to know each others MAC address. The ARP protocol is used to resolve the MAC address for a given IP address.
Q: What is the ARP cache?
A: The ARP cache is a temporary storage on your phone that holds pairs of IP and MAC addresses that belong together.
Q: What is ARP cache poisoning?
A: ARP cache poisoning is a method to inject false information into your phone's ARP cache by sending forged packets to the (Wifi) network.
Q: What is DOS attack (Denial Of Service) through ARP cache poisoning?
A: An attacker changes the ARP cache on your phone in a way that invalid MAC addresses are associated with certain IP addresses. Very popular is to inject a false MAC address for the default gateway of your phone. This is an effective way to prevent your phone from accessing the internet. The attack is very lightweight, so a single attacker can disturb large networks. With Wifi Protector on a rooted phone you are immune to this kind of attack.
Q: What is MITM attack (Man In The Middle) through ARP cache poisoning?
A: Like in DOS attacks an attacker changes the MAC address of your phone's default gateway in your phone's ARP cache. Instead of injecting an invalid MAC address he places the MAC address of his own device into the cache. If possible, he also poisons the ARP cache of the default gateway in the Wifi network and changes the MAC address associated with your phone's IP address in the gateway's ARP cache. If the default gateway is vulnerable, the attacker has established a full-routing MITM. He can now read and change everything you send and receive over the network, in some special cases even if you use encryption. If the default gateway is not vulnerable, the attacker has established a half-routing MITM. He can then read and change everything you send, but not the data you receive. With Wifi Protector on a rooted phone you are immune against half-routing and - to some extent - against full-routing MITM. In the full-routing MITM scenario Wifi Protector prevents the attacker to read and change everything you send, but not the data to receive. In any cases you get an alarm.
1.4.5 - OTHER: Added ACCESS_SUPERUSER permission 1.4.4 - OTHER: Changed su handling which fixes issues with outdated su binaries 1.4.3 - BUGFIX: Notification icon no longer disappears when "Clear notification" button is pressed - FEATURE: Added option to force start at boot, which is useful on devices that don't signal Wi-Fi start at boot - OTHER: Added CHANGE_NETWORK_STATE permission, which is required on some Samsung tablets running Android 3.2 in order to disable Wi-Fi on attack 1.4.2 - BUGFIX: Fixed ANR on some devices that happened in rare cases when app is started first time - BUGFIX: Fixed rare FC when restarting service from Expert Perspective 1.4.1 - BUGFIX: If notification settings haven't been configured the notification icon disappeared if main activity was closed. Fixed - OTHER: Improved error messages 1.4.0 - FEATURE: Notification icon can be hidden 1.3.0 - FEATURE: Wi-Fi can be automatically disabled on attack (optional). This is useful on non-rooted phones - FEATURE: App can be brought to the front on attack (optional) - OTHER: Improved compatibility with battery saving apps 1.2.0 - BUGFIX: Attack notification ringtone didn't honor phone volume on some devices. Fixed - BUGFIX: Vibration didn't honor phone silent mode. Fixed and made it configurable - FEATURE: All spoofing attempts are logged, including SSID, BSSID, Gateway IP, Gateway MAC, Attacker MAC, Attacker IP. Vendors are resolved and shown in detailed log view. Logs are cleaned automatically. Log size can be configured - FEATURE: Expert perspective shows BSSID vendor as well as SSID - FEATURE: On attack vibrate in a given pattern. Duration, repeats and gaps configurable 1.1.4 - BUGFIX: Fixed crash on ICS when Expert is selected - BUGFIX: On ICS a wrong phone IP address was shown. Fixed - BUGFIX: Fixed minor bugs - FEATURE: Internal arp command included 1.1.2 - BUGFIX: Database cursor closing properly - BUGFIX: If manually clearing gateway ARP entry fails, an error message appears - BUGFIX: If manual countermeasures fail, an error message appears - BUGFIX: BSSID mode attack detection precision improved - FEATURE: Background image can be switched off to save RAM - OTHER: OUI database performance improved - OTHER: Unused permissions removed - OTHER: Size of internal buffers reduced to conserve resources 1.1.1 - BUGFIX: Fixed wireless connection state handling - BUGFIX: Fixed FC on wireless connection change - BUGFIX: Fixed BSSID display in expert perspective 1.1.0 - FEATURE: IEEE 802.11 BSSID analysis. Detects the situation when a network is joined, which is already under attack. - FEATURE: Three BSSID analysis levels. Light: Vendor compare. Deep: 5 octet compare. Extreme: Exact match. - FEATURE: Expert perspective shows current BSSID. - FEATURE: Home screen shows attack detection method. 1.0.0 - Initial public release.
MD5: WifiProtector-46.apk = 5a2acdec7be1ea9faf1cfc3fb480d747