According to Cisco’s 2016 VNI report, Wi-Fi now accounts for 60 percent of all connections to the internet and they estimate that the number of public Wi-Fi hotspots worldwide will grow to 540 million in 2021. But with more and more people connected to the internet wirelessly, the risk of digital attacks increases as well.
Ryan Orsi, Director of Product Management at WatchGuard Technologies, recently wrote an article in Cyber Defense Magazine titled The Anatomy of a Wi-Fi Hacker in 2017. In it, he unpacks the various ways a hacker might attack an innocent Wi-F user, or infiltrate a Wi-Fi network such as a man-in-the-middle attack (MitM), a Karma attack or by using a tool like Hack5’s Wi-Fi Pineapple.
Ryan also explains the OSI model and how most major, headline-grabbing security breaches are application or layer 7 attacks. But most Wi-Fi hacks take place at layer 2 in the OSI model, the data link layer, and are much more difficult to track. Companies notice when Yahoo loses another billion user account identities or Ashley Madison gets breached, but hackers using fake Access Points skim people’s credit card information every day around the world with no one the wiser.
A brief excerpt from the article:
If using public Wi-Fi exposes the public to a variety of security risks, and the MitM attack is the root of most Wi-Fi evil, what’s the solution? VPNs (Virtual Private Networks) can make connecting safer, but not everyone knows how to use a VPN and it relies on the end-user taking action.
Passwords on SSIDs can also help, but the four-way WPA2 handshake is easily decrypted in minutes by GPU accelerations or other resources on the dark web.
What’s the answer?
In part two of this series titled “Defending You Airspace,” I’ll explain how organizations can use the latest technology to provide secure public Wi-Fi, and take the end-user our of the “security equation.” In the meantime, be diligent when at the local mall or coffee shop.
Read Ryan’s full article on Cyber Defense Magazine and keep an eye out for part two of this series. Additionally, you can find some best practices on staying safe while surfing the web via public Wi-Fi during the holidays here from WatchGuard, Information Security Threat Analyst, Marc Laliberte.