Most smartphone users assume that cellular data networks are more secure than unknown Wi-Fi. In general they’re correct (and we still advise people to use their cellular data rather than an unknown or public Wi-Fi network when accessing sensitive information on a mobile device)! But, as the 5G rollout progresses, more and more cellular users will be exposed to Wi-Fi security threats via a process called Wi-Fi offloading. There are also weaknesses in 5G traffic itself that can be exploited by a determined attacker. Our Director of Product Management for Wi-Fi, Ryan Orsi, wrote a guest article for Network Computing explaining what these processes are and what 5G and Wi-Fi users need to know about them.
Thanks to the public’s ravenous demand for bandwidth on smartphones and tablets, a large portion of “cellular” traffic is actually offloaded to nearby Wi-Fi networks to help equalize the load. When a device is in range of a Wi-Fi access point configured for this (called Hotspot 2.0 or Passpoint) the connection seamlessly moves to Wi-Fi without any visible change on the user’s device. This is common in large public areas like sports stadiums, malls and airports. 59% of 4G traffic is offloaded now, and Cisco predicts that 71% of 5G traffic will be offloaded. This means these connections can be exposed to common Wi-Fi attacks, like the Evil Twin attack where a hacker sets up a duplicate of a legitimate access point and eavesdrops on the data of anyone that connects to it. Here’s an excerpt from Ryan’s article explaining this issue in more detail.
Attackers primarily eavesdrop and intercept Wi-Fi traffic via man-in-the-middle positions and are constantly looking for easy ways to steal valuable information, like user credentials for a juicy target like cloud-based HR sites, email, or online shopping and travel sites. For example, if a 5G user has their cellular connection offloaded to an Evil Twin AP mimicking a legitimate Passpoint AP, then the attackers have full visibility into the data stream they thought was private and secured via cellular technologies.
Offloaded Wi-Fi is technically supposed to be protected by enterprise versions of the WPA2 or WPA3 security protocol. However, both of these encryption methods have suffered serious flaws lately with the KRACK and Dragonblood vulnerabilities, which have exposed fundamental flaws in the system design (although enterprise versions are considered a bit safer). In addition, tools and research are being developed to exploit this protection constantly. Encryption, after all, is supposed to be the last resort of protection for our connections.
Read Ryan’s full article on Network Computing to learn about the other common Wi-Fi attacks that 5G users could be exposed to, and some of the vulnerabilities in 5G traffic itself. Learn more about what WatchGuard does to help solve this problem here and read more about Wi-Fi security standards at https://www.trustedwirelessenvironment.com/what-is-a-trusted-wireless-environment/. There’s also a petition to urge wireless vendors to create a global standard for Wi-Fi, which you can sign here.