The 2018 RSA Conference earlier this month attracted some of the top security researchers and vendors from around the world, but even this highly security-conscious audience couldn’t help falling for a simple public Wi-Fi hack. To demonstrate how easy it is to conduct these attacks, the WatchGuard team set up a honeypot access point (AP) at our RSA booth offering a free, open Wi-Fi network for attendees. Our Director of Strategic Alliances and resident Wi-Fi expert, Ryan Orsi, wrote a guest article about the experiment for Help Net Security.
Out of 16,621 visitors that stopped by the WatchGuard booth, 30 percent spent anywhere between five and 15 minutes connected to our honeypot AP. A typical Wi-Fi man-in-the-middle attack takes less than two minutes, so if a malicious actor had set up a similar access point, they could have easily stolen information from a third of our booth attendees in the time they spent browsing our displays and talking to our security experts. (Of course, our AP did nothing except provide secure internet access; we simply put it in place to show how many people will allow their devices to connect to unknown networks).
So what should these attendees have done instead? Here’s an excerpt from Ryan’s article listing some simple best practices to keep business travelers safe on public Wi-Fi:
- Don’t connect to public Wi-Fi SSIDs if multiple variations are broadcasted – this is not normal for a legitimate business.
- When you need to access something such as your bank account or a confidential corporate report, consider disabling Wi-Fi and using your 4G connection. Once you’ve wrapped up the confidential task, feel free to hop back on Wi-Fi.
- Clear your saved Wi-Fi network names from each of your devices and consider disabling the “auto-connect” feature in your device settings.
Many of RSA’s talk-tracks this year focused on wireless threats, which isn’t surprising if you consider how common Wi-Fi is today. As more businesses and cities offer free public Wi-Fi, they should be aware of Wi-Fi hacking risks, and take the necessary steps to protect themselves and their users.
Read Ryan’s full article on Help Net Security and learn more about wireless security best practices here on Secplicity. Also, check out WatchGuard’s Daily Security Bytes from RSA for video recaps of each day of the show, including a fascinating presentation by WatchGuard Threat Analyst Marc Laliberte on Ethereum blockchain security.