If you have read our recent Internet Security Report, you will have seen that there is a rise in probe requests over public Wi-Fi. Penetration testing tools are getting more sophisticated, and it’s becoming easier for cyber criminals to eavesdrop and steal personal information from people over Wi-Fi.
When the original Mark I Pineapple from Hak5 was first released, it was primarily driven from the Linux command line, with no plug and play. With the advancement in technology, the latest Mark VII is much easier to use. Does this mean we are now going to see a rise in Wi-Fi hacking? The simple answer is yes! It’s not just the Wi-Fi Pineapple that hackers use; there are other new toys that are much smaller and will disrupt any Wi-Fi signal wherever they are turned on.
Let’s look at pwnagotchi, for example. It’s a small unit whose sole job is to capture Wi-Fi handshakes so that they can be cracked later to recover SSID passwords. So, as a security expert, what can you do to protect yourself and your customers?
First, we need to look at how we secure our Wi-Fi and tune it so that it is only used by the correct people (no more Jeremy Clarkson-style Wi-Fi at FULL POWER!!!). We should actually ask ourselves: why do we need Wi-Fi? Who will actually use it? Businesses went from allowing Wi-Fi to be used only by visitors and guests to now allowing all employees to connect to it, even when the building is securely set up with a wired network.
With new Wi-Fi standards coming out (Wi-Fi 6 and Wi-Fi 6E), we need to look at ways to improve Wi-Fi security. There is a hope that Wi-Fi 6 and WPA3 will solve many of the issues that we currently have with WPA2; however, they still do not provide protection from the six known Wi-Fi threat categories.
To help reduce Wi-Fi vulnerabilities, we’re asking all of you to join the Trusted Wireless Environment movement and advocate for a global security standard for Wi-Fi.
There is a small problem with WPA3: it has already been compromised by the Dragonblood vulnerability. The vulnerability was discovered before the final WPA3 spec was released to the market, and we understand that the root cause of the vulnerability is related to downgrading the security of the connection to WPA2 and taking advantage of known vulnerabilities. You might think that this won’t be a problem because we all expect that network administrators will upgrade not only all the access points but also all the client devices connecting to Wi-Fi, so they can run a pure Wi-Fi 6 network with WPA3 only. To achieve this, it’s not only the clients and access points that will need upgrading; the rest of the network infrastructure will also need to be upgraded to support multi-gigabit Ethernet connectivity.
So, is WPA3 really the miracle to protect us? I believe that there isn’t a single layer of security that can protect us from everything, but designing the Wi-Fi network with WPA3 in mind to boost security is common sense.
The biggest problem with Wi-Fi is when network administrators have everything set to the default settings and have radio power turned up to the max. This means network administrators are transmitting their SSID further than they really need to. Do you really need to have that Wi-Fi network transmitting in the car park? I would say most of the time, the answer is no. Also, do you need to be broadcasting the Wi-Fi network on all APs 24×7? Again, in most businesses the answer is no, so schedule the Wi-Fi network to be enabled only when you need to have it on.
As for guest Wi-Fi, when was the last time the password was changed? How many of you have gone to a customer site where the guest password is available for everyone to see and connect to, and when you go back a year later your laptop auto-connects! Now you may think you are being good by not telling everyone the guest password to that network, but once I walk out that door I only have to run a small command on my laptop to see the magic password of ‘ThisIsTheGuestNetwork!’. The best way to avoid this situation is by using a voucher limited to four hours of use. But whatever system you go for, make sure you segregate the guest and corporate traffic with VLANs to block exposure of corporate resources, or even direct guest traffic out through a different Internet line.
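As an added illustration of the four-hour voucher idea above (this is not code from the article or from any vendor's product), here is a minimal voucher store a captive portal could call. The class name, the `client_id` parameter (for example the device identifier the portal sees) and the ten-character code format are assumptions made for the example.

```python
import hashlib
import secrets
import time

VOUCHER_LIFETIME_S = 4 * 60 * 60  # four hours of use, as suggested above


class GuestVouchers:
    """In-memory guest voucher store (hypothetical; not a vendor API)."""

    def __init__(self, clock=time.time):
        self._clock = clock   # injectable so expiry can be tested
        self._records = {}    # sha256(code) -> {"client", "expires"}

    @staticmethod
    def _key(code):
        # Keep only a hash so a leaked table does not reveal live codes.
        return hashlib.sha256(code.strip().upper().encode()).hexdigest()

    def issue(self):
        """Create a one-off code for reception to hand to a visitor."""
        code = secrets.token_hex(5).upper()  # 40 random bits, 10 hex chars
        self._records[self._key(code)] = {"client": None, "expires": None}
        return code

    def redeem(self, code, client_id):
        """First use binds the code to one client and starts the clock."""
        rec = self._records.get(self._key(code))
        if rec is None:
            return False  # unknown or mistyped code
        now = self._clock()
        if rec["client"] is None:
            rec["client"] = client_id
            rec["expires"] = now + VOUCHER_LIFETIME_S
            return True
        # Already used: same client only, and only inside the window, so a
        # laptop that kept the code cannot reconnect on a later visit.
        return rec["client"] == client_id and now < rec["expires"]
```

Unlike a shared guest password, each code here stops working four hours after first use and is of no value to a second device.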
Even with all the above advice (and there is plenty more), there is no way to deny that Wi-Fi probing attacks are becoming more sophisticated and ubiquitous as the technology gets easier to use and more users move to wireless technologies. I always think of Wi-Fi probing as the dirty hack of the family. It is the hack that we all know is going on, but no one wants to talk about, because we all love Wi-Fi but don’t want to admit that there is a problem with it. If more of the general public knew how vulnerable Wi-Fi can be, there would be an uproar. So, until we have an ‘Edward Snowden’ moment it will be our dirty secret.