The camera-ready version of Nearby Threats: Reversing‚ Analyzing‚ and Attacking Google’s “Nearby Connections” on Android is available here
We also released a proof of concept code to perform the Soft AP manipulation attack. The code was previously disclosed to Google. In summary, the attack allows a malicious Nearby Connections server (advertiser) to redirect a client to a malicious Internet connected access point. As a result the attacker can reconfigure the wireless network interface of the victim via DHCP and gets access to all the Wi-Fi traffic (even traffic from non Nearby Connections applications).
I’m very happy to announce that our paper titled Nearby Threats: Reversing‚ Analyzing‚ and Attacking Google’s “Nearby Connections” on Android has been accepted for the The Network and Distributed System Security Symposium (NDSS). Here you can download a pre-print. Here is the list of accepted papers for NDSS 2019 Soon I’ll update more material such an exploit PoC code.