VDA Labs’ founder Dr. Jared DeMott as well as Greg Hatcher and Sy VanderMeulen were recently interviewed by WWMT to discuss WIFI security and the risks of using open wireless networks. Many people assume there are no risks in utilizing public wireless networks, however that is not the case.

What are the privacy and security issues relating to using open WIFI networks?

At best, open wireless networks are a privacy concern – it is easy for the operators of these networks to track users. Operators of ‘free’ wireless networks can use their customer data gathered by these networks in any number of ways including tracking users between locations, tracking users within a single location, or even observing browsing habits. This information can then be used for marketing purposes, or even sold to third parties. In other words, ‘free’ wireless isn’t necessarily as ‘free’ as you would think.

Beyond tracking, open wireless networks can pose even deeper security risks. If a network is truly open, with no encryption, such as how many ‘captive portal’ networks are configured, this leaves any traffic that is being transmitted without it’s own encryption open to interception. If the services being used on the open network are not properly secured, Malicious actors can literally pull passwords out of the air in this scenario.

It gets worse, however, since a dedicated attacker can use your (or your device’s) habits of using open WIFI networks against you. Devices such as a WiFi Pineapple, or attacks such as Karma, allow users to gain a “Man in the Middle” position against your device. That leaves the device open to many different types of attacks – such as SSL stripping and ARP poisoning. The result could be the leakage of confidential information such as passwords, social security numbers, or other account details.

How to protect yourself when using unsecured / open WIFI networks

If the services being used on the open network are not properly secured, there are many things you can do to protect yourself:

  • Consider turning off WIFI and Bluetooth connections when not in use
  • Use your phone’s LTE / data connection (with tethering) – it is likely to be more secure than an open WIFI network
  • Wait until you are on a trusted network to conduct any sensitive business (this includes email – since email addresses are often the ‘keys to the kingdom’ of your other accounts)
  • Use a personal VPN connection to protect against snooping from hotspot providers

Businesses should pay extra attention to WIFI Security

The implications for businesses of not taking their wifi security seriously are even worse. Take for example this hypothetical scenario:

Bob the sales guy spends most of his time on the road visiting customers. He prefers to stay at the Welcome INN chain of hotels. Unfortunately one night at the hotel a hacker is in the next room and they are on the same INN-Net wireless network. The hacker decides to use a tool called Responder against Bob’s computer, and pulls a hash of Bob’s corporate password out of the system. The hacker is then able to crack this password hash offline to get the cleartext password! He is then able to connect to Bob’s employer’s remote desktop services and move into their corporate network!

Unfortunately this story is not far from reality. A misconfigured endpoint that is connected to an open WIFI network leaves it open to many different types of attacks. Most open WIFI networks are not configured to protect end users from each-other – called Private VLANs, or user isolation. This lack of protection allows for attacks against the clients such as Responder attacks, other arp poisoning, and even direct exploitation of the endpoint if it is vulnerable to attack. It is also possible for sophisticated attackers to create a spoofed network that user’s devices think is your legitimate corporate network, and then the system will attempt to authenticate to the network, giving away your password hash in the process!

As a business, you should be doing the following:

  • Ensure that a VPN connection is used when using any untrusted network
  • Verify that your VPN configuration protects against attacks against the system itself, in addition to the data in transit
  • Make sure that your devices use authentication to verify networks that they are connecting to are legitimate ones
  • Getting a wireless penetration test from a team of experts like VDA Labs would help identify WIFI security issues

For further help please email: info@vdalabs.com to learn more about our end-to-end cyber security services and products (compliance, IR retainer, Soc-as-a-Service, product review & software testing, Fuzzing/Exploits, etc).

The news segment is found below and you can read more about wireless security on WWMT’s website.