Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/esg/sixm-android/help/en-us/index.html?contextId=wifi-security

Wi-Fi Security

You use Wi-Fi Security to check your Wi-Fi connection for network-based threats.

Requirement

When you turn on Wi-Fi Security, Android will ask you to allow background location and precise location access.

Sophos Intercept X for Mobile doesn’t access or track your location. However, due to Android privacy policies, the app must request location permissions because someone knowing the name of your Wi-Fi network could theoretically use this information to determine your location.

Note

If Sophos Intercept X for Mobile is enrolled with Sophos Mobile, this feature is managed by your organization.

On the dashboard, Wi-Fi Security is available under Network security.

Issue types

Sophos Intercept X for Mobile detects the following issues:

ARP spoofing

ARP spoofing is where an attacker sends malicious Address Resolution Protocol (ARP) messages to your computer, making it believe the attacker’s MAC address is associated with the IP address of your network gateway. This allows them to access your private network, steal sensitive data, and launch additional attacks like denial-of-service or man-in-the-middle attacks.

Captive portal

A captive portal is a way for public Wi-Fi networks to ask for authentication before granting access to the network. Because all traffic is redirected to the captive portal, you might receive additional warnings.

Content manipulation

Content manipulation is where an attacker manipulates a website’s content to force you to do harmful actions. This allows them to do such things as bypass authentication or delete data.

SSL interception

SSL interception is where an attacker uses a false server certificate to intercept the secured connection between your computer and a website. The attacker can decrypt sensitive data while letting you believe your connection is still secure.

SSL stripping

SSL stripping is where an attacker downgrades the connection to a website from secure HTTPS to insecure HTTP. The attacker can redirect all traffic between your computer and the website via their own proxy server. This allows them to decrypt sensitive data while letting you believe you’re still connected via HTTPS.

Run checks

  • To check the Wi-Fi network you are connected to, tap Check Wi-Fi.
  • To automatically perform network checks in the background, turn on Background check. This runs a check every time the device connects to a Wi-Fi network.