28

My Android device (v. 7.1.2) offers several options to use the "Smart Lock" feature.

This feature uses some rules to automatically disable the lockscreen.

Available rules are:

  • Trusted place
  • Trusted Bluetooth device
  • Trusted face
  • Trusted voice
  • On-body detection

I am surprised that there is no option to use a trusted WiFi network.

Some forums state the risk for the WiFi network to be spoofed. I don't understand how the risk is different: an attacker could spoof a Bluetooth device as well.

What could be reasons for not allowing a WiFi-based unlocking while allowing Bluetooth-based unlocking?

Dan Hulme
KooDooMoo
  • 5
    I honestly believe this question can be answered along technical lines without the need of introducing opinion. I request close voters to please let us know why you disagree. – Firelord Aug 21 '17 at 13:29
  • 4
    @Firelord wasn't me, but "why" questions tend to be opinion-based. We can come up with reasons why *we* would do X – but unless there's an official statement from those devs, we never know. Further, it raises the question: "What problem shall be solved here?" ;) // Not saying it must be closed, just trying to shed some "opinion based light" on possible reasons of voters :) – Izzy Aug 21 '17 at 13:38

2 Answers

32

Some forums state the risk for the WiFi network to be spoofed. I don't understand how the risk is different: an attacker could spoof a Bluetooth device as well.

The risk is different. It's not possible to spoof a paired Bluetooth device. The Bluetooth peripheral and the phone exchange keys as part of the pairing process, so both of them can securely identify the other. When the devices connect, they each challenge the other to prove they have the secret keys. If it didn't work this way, it would be trivial to "man-in-the-middle" attack the connection by pretending to be the peripheral. Then the attacker could eavesdrop on your phone calls or music, or whatever it is you're sending over Bluetooth.

Authentication works a bit differently in Wi-Fi. See this question on our sister site Super User for more discussion on that. In open networks, and networks authenticated using WEP, WPA, or WPA2-PSK, the network doesn't authenticate to the phone at all. The phone has to prove that it has the secret key (the network password), but the network doesn't have to prove anything. There are no "trusted Wi-Fi networks" in this sense. Only networks authenticated with WPA2-Enterprise, which use a certificate pair, prove their identity to the phone, by showing a certificate signed by a certificate authority (just like HTTPS websites). Presumably, Google didn't think it was worth adding an option that would only work with the least common type of Wi-Fi network, and the confusion it would cause their users.

Interestingly, Wi-Fi spoofing is already a security issue for the "trusted place" option. The location system uses visible Wi-Fi networks as one input to determine where you are, and as we've seen, that can cause huge inaccuracies. Spoofing this deliberately means looking at the networks that are visible in your "trusted place" and spoofing several at once. Your neighbourhood phone-snatcher won't be able to unlock your phone this way, but government agencies and organised industrial spies probably can: especially if they also use a screened room to block GPS and cellular signals.

Dan Hulme
  • 1
    You can also spend $100 and get a Pineapple and now you can unlock everyone's phone who was stupid enough to use an insecure method for smart lock. Or you know, just don't enable insecure options. – Wayne Werner Aug 21 '17 at 16:45
  • @WayneWerner Pineapple? – Fiksdal Aug 21 '17 at 18:53
  • 1
    @Revetahw https://www.wifipineapple.com/ – Wayne Werner Aug 21 '17 at 19:59
  • Note that even most WPA-Enterprise networks don't actually use certificates. All the ones I've ever seen do RADIUS over something like EAP. – chrylis -cautiouslyoptimistic- Aug 21 '17 at 23:49
  • @MikeOunsworth Thanks for pointing that out. I started out searching for such a question on security, and then failed to notice I'd followed a link to SU. – Dan Hulme Aug 22 '17 at 07:41
  • WPA-enterprise with certificates is quite common in UK universities. If Google built this in, would you really want your phone to be unlocked whenever and wherever it is on campus? (Or in your office building for that matter) – Chris H Aug 22 '17 at 08:11
  • 5
    Unfortunately, this answer is wrong. In WPA2-PSK, both the station and the AP have to prove that they know the passphrase in the four-way handshake. AFAIR, this should also be valid for WPA and even WEP, but they have other vulnerabilities. For WPA2, security is only compromised for inside attackers (Hole 196 attack) or when the PSK is easily guessed, brute-forced (using encrypted Wi-Fi packets) or leaked. – Dubu Aug 22 '17 at 08:42
  • @Dubu I'm not a huge expert on Wi-Fi security, I just went on the accepted answer to this question – Dan Hulme Aug 22 '17 at 08:53
  • 1
    @DanHulme Thank you for the heads up, I just commented on that answer too. – Dubu Aug 22 '17 at 08:59
  • While it might be possible, one would have to know the name of the SSID, and have serious knowledge about how to do such an attack. In the meantime, a 4-digit password or dumb pattern recognition are valid methods to unlock a device... – Christophe Vidal Jan 31 '20 at 11:04
  • @ChristopheVidal The attack is really simple to do if you know the SSID of a "trusted" network, and most networks broadcast their SSID, so you can get some likely SSIDs to unlock the phone just by looking up the victim's home or office on openwifimaps. – Dan Hulme Feb 03 '20 at 11:45
7

What you ask would certainly be possible, but it should be restricted to when a device is connected to a Wi-Fi network using sufficient security, i.e. WPA2 authentication/encryption. Probably it was left out because it would be hard to communicate to a non-technical user why they could use certain Wi-Fi networks for authentication but not others.

In contrast to what @DanHulme wrote in his answer, when using WPA2 authentication with pre-shared keys (WPA2-PSK), both the station and the AP have to prove that they know the passphrase in the four-way handshake. A rogue WPA2-AP cannot give access to a client by just "accepting" the client's password. On the other hand, everyone who knows the PSK could fake an AP (WPA2 Enterprise does have an advantage here over WPA2-PSK).

Dubu
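As an added illustration of the point both answers turn on (Dan Hulme's description of challenge-response authentication, and Dubu's correction that in the WPA2-PSK four-way handshake the AP has to prove knowledge of the passphrase as well), here is a Python simulation of the handshake's key derivation and MIC checks. It is example code written for this page, not code from Android or from any Wi-Fi stack. The SSID, passphrase and MAC addresses are constructed values, and the EAPOL frames are reduced to labelled byte strings (no GTK, replay counter or key-info fields); the PBKDF2, PRF-512 and HMAC-SHA1 MIC constructions are the standard ones from IEEE 802.11i.

```python
import hashlib
import hmac
import os

# Constructed sample values for this example (not taken from the page).
SSID = b"ExampleHomeNet"
PASSPHRASE = b"correct horse battery staple"
AP_MAC = bytes.fromhex("020000000001")   # made-up locally administered addresses
STA_MAC = bytes.fromhex("020000000002")


def pmk_from_passphrase(passphrase: bytes, ssid: bytes) -> bytes:
    """WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase, ssid, 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11i PRF-512: concatenated HMAC-SHA1(key, label | 0x00 | data | i)."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Pairwise key expansion: the PTK depends on the PMK, both MACs and both nonces."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """EAPOL-Key MIC for WPA2/CCMP: HMAC-SHA1 over the frame, truncated to 128 bits."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]


def run_handshake(ap_passphrase: bytes, sta_passphrase: bytes) -> dict:
    """Simulate the four-way handshake; each side derives keys from its own passphrase.

    A real AP would abort after a failed message-2 check; the simulation carries on
    so that both directions of the proof can be reported.
    """
    ap_pmk = pmk_from_passphrase(ap_passphrase, SSID)
    sta_pmk = pmk_from_passphrase(sta_passphrase, SSID)

    # Message 1 (AP -> STA): ANonce, sent in the clear and unauthenticated.
    anonce = os.urandom(32)

    # Message 2 (STA -> AP): SNonce plus a MIC keyed with the station's KCK (PTK[0:16]).
    snonce = os.urandom(32)
    sta_ptk = derive_ptk(sta_pmk, AP_MAC, STA_MAC, anonce, snonce)
    msg2 = b"EAPOL-Key msg2" + snonce
    msg2_mic = eapol_mic(sta_ptk[:16], msg2)

    # The AP derives its own PTK and checks the MIC: the station proves it knows the PSK.
    ap_ptk = derive_ptk(ap_pmk, AP_MAC, STA_MAC, anonce, snonce)
    ap_verified_station = hmac.compare_digest(eapol_mic(ap_ptk[:16], msg2), msg2_mic)

    # Message 3 (AP -> STA): MIC keyed with the AP's KCK (the encrypted GTK is omitted).
    msg3 = b"EAPOL-Key msg3" + anonce
    msg3_mic = eapol_mic(ap_ptk[:16], msg3)

    # The station checks it with its own KCK: the AP proves it knows the PSK too.
    station_verified_ap = hmac.compare_digest(eapol_mic(sta_ptk[:16], msg3), msg3_mic)

    return {"ap_verified_station": ap_verified_station,
            "station_verified_ap": station_verified_ap}


if __name__ == "__main__":
    print("genuine AP:", run_handshake(PASSPHRASE, PASSPHRASE))
    print("rogue AP  :", run_handshake(b"attacker guess", PASSPHRASE))
```

Run stand-alone, the genuine AP passes both checks and the AP that merely broadcasts the right SSID with a different passphrase fails both, which is Dubu's point: a phone that only treats the network as "connected" after message 3 verifies is not fooled by SSID spoofing alone. The code also makes the caveat visible: every key here is a deterministic function of the passphrase and SSID, so anyone who knows the PSK derives the same KCK and can stand up an indistinguishable AP, and a guessable passphrase gives the same result. That is why the answers treat WPA2-PSK as a weaker trust anchor than a certificate-based WPA2-Enterprise network or a paired Bluetooth device with per-pairing keys.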