ABSTRACT : Project Title

Project ID: Com521

Category: Computer Science

Author (s): Danyil Mamentovych Please dont write

Supervisor(s): Olha Shaporina, Pavlo Merzlykin anything here

Lab or research center (if any):

Keywords: phishing attacks, pentesting, wireless networks,

Orange Pi Zero, captive portal

Public networks are usual in places of great concentrations of people: public transport,
airports, hotels, restaurants, education institutions, etc. As a result, these areas become
attractive spaces for phishing attacks. The reason is that users are not always aware of the
risks of using an unfamiliar network or understand which mobile apps send their data in the
background. To resist such attacks, one should investigate their mechanisms and causes
in more detail. Thus, the topic of the research is relevant.
To detect vulnerabilities, we carried out a survey among target users and found
out that most of them use Android as a primary mobile OS. Therefore we focused on
Android devices. To be more precise, a captive portal mechanism was misused to collect
users’ data.
The result of the investigation was an affordable and open source pentesting device
prototype. It was based on a single board computer with custom scripts and acted like a
Wi-Fi access point that stole users’ credentials secretly. We used it to simulate an attack at
our lyceum with permission of the principal and without actual passwords storing for ethical
reasons. As a result of the experiment we were able to detect vulnerable devices and
ignorant users. Unfortunately, due to pandemic and warfare restrictions, we were not able
to cover larger groups of users. It is to be done in our further investigations.
Conclusions
The results of our initial survey allowed us to narrow the target group and choose an attack
vector. We selected Orange Pi Zero as a hardware platform due to its low price and
sufficient performance and peripherals. Armbian Linux was used as a software platform.
Our hypothesis was confirmed and we managed to write custom scripts and finally build a
Wi-Fi phishing access point that is cheaper than its competitors. We carried out an ethical
hacking experiment in our lyceum and detected vulnerable devices and ignorant users.
Currently it is not possible to widen our target group due to pandemic and warfare
restrictions. We expect that our further research activities will cover larger groups of people
to generalize our findings.
The practical significance of the work is that the proposed device can be used for
researching phishing attacks, performing penetration testing, improving the digital literacy
of users, as well as for educational purposes.