s technological changes accelerate we can expect them to continue to rapidly impact our lives both now and in the years and decades ahead. Most of us now take rapid technological improvement in the products and services we use for granted. We rapidly move from having “nice add-ons” to those same features becoming expected. Wi-Fi, for example, is just such a feature. Not too many years ago, hotels were charging for wireless internet access, which was perceived as an add-on extra to a room charge. Thus, hotels/motels, restaurants, and transport companies looked to Wi-Fi as an additional revenue stream.
Now, Wi-Fi is an expectation on the part of customers … wherever we go. As the use of Wi-Fi increases, so do accompanying threats.
Let’s look at how easily a public Wi-Fi network can be breached. In 2016, an Israeli hacker successfully took over the free Wi-Fi network of an entire city. On his way home from work one day, Amihai Neiderman spotted a wireless hotspot that he hadn't seen before. It was advertised as "FREE_TLV," which is part of the citywide free Wi-Fi network set up by the local administration of Tel Aviv. Neiderman wondered how secure the network might be.
He connected to the network through one of the access points and checked what his new internet protocol (IP) address was. This is usually the public address assigned to the router through which all Wi-Fi clients access the internet. He then disconnected and scanned for open ports. He found that the device was serving a web-based login interface through port 443 (HTTPS).
After thorough analysis, he didn’t find any basic vulnerabilities. He looked further. Eventually he found a buffer overflow vulnerability that could be exploited to take full control of the device. This case shows that skilled hackers potentially could attack thousands or tens of thousands of users by compromising large public Wi-Fi networks.
The same year began with a bang, in the form of the attack on USA Today’s technologist writer Steven Petrow. When on an American Airlines flight, he was working on an article about the dispute between the FBI and Apple, with the FBI attempting to force Apple to unlock an iPhone, and Apple refusing to do so. Petrow was using the fee-based, in-air Gogo Wi-Fi service and had mistakenly believed he was safe.
After landing, Petrow was approached by a man in the airport terminal, who announced that he had hacked Petrow’s files while on the same flight with him. The reason given by the unknown hacker was that he wanted to give Mr. Petrow the perspective of what it feels like to have personal information accessed, without giving permission. This would be one of the outcomes of story Petrow was working if Apple complied with the FBI.
In July of the same year, it was reported that seemingly benign items, such as toasters, irons, dashboard cameras, the small appliances, cell phones, and other electronics were found to contain a Wi-Fi chip that spread malware. Interestingly, Russian officials, who first discovered the chips in items imported from China, found the chips due to a small variation in the physical weight of the items rather than through electronic means.
Appliances and devices with these chips are able to discover and compromise unsecured Wi-Fi networks up to 200 meters away. Once a network becomes infected, hackers are able to steal information, spread malware to computers on the network, or use the network to spam or launch denial of service (DoS) attacks. All this from your toaster!
Later in the autumn, it was found that passwords for as many as 55,000 wireless routers, provided by U.K. ISP Talk Talk, were easily available to hackers. Most customers never change the password from the default supplied with the router. Having stolen the default passwords for routers, hackers were then able to attack customers’ networks, although the hackers must be within signal range to do so, limiting to a large degree how many attacks have taken place to date.
Kaspersky reported in November 2016 that more than a quarter of public Wi-Fi hotspots, from around the world, were unsecured and posed an enormous threat to any user’s data. One-quarter of the networks used no encryption whatsoever. Skycure announced at the beginning of the Christmas shopping season that 10 of the busiest malls in the USA had five or more risky Wi-Fi networks, which included several evil-twin networks. A fashion mall in Las Vegas, itself, had 14 risky networks.
Cybercriminals can get access to poorly configured Wi-Fi networks – sometimes because of vulnerabilities in routers. For this reason, open and unfiltered Wi-Fi networks at an airport, coffee shop, restaurant, or hotel can put you at risk. Hackers can monitor your activity, see what sites you’re visiting, and in some cases track your activity to snatch passwords to bank accounts and other important sites requiring a login.
If they know what they’re doing cybercriminals will set up a fake or duplicate network relatively easily. They then make their network look like the official Wi-Fi for that location, then using the fake network to spy on everything you do – whether it is your Facebook, Linkedin, banking, or email account password. To repeat: using an unprotected wireless network is risky.
Free Wi-Fi is a boon to any traveler. For those people unaware of the dangers, however, these hotspots can be a danger zone. Hackers looking for some business data can hang out at random public Wi-Fi spots and deceive users into using the hacker’s private hotspot instead of the official one offered by the establishment.
You probably have a data plan with your cellular provider that allows you to create a hotspot with your phone. You then connect your smartphone/hotspot to your tablet or laptop and use the data plan to give you internet access. When you connect your device, you connect in the same way you use a home Wi-Fi connection. You see the name and connect to it, and sometimes you need to enter a password.
With public Wi-Fi, you do the same. You connect to the hotspot by name, and then you enter a password if it asks for one. Most people connect to whatever Wi-Fi name makes sense. For instance, if you're sitting at a coffee shop, i.e., Starbucks, you connect to a hotspot with the name Star1234 and think nothing of it. However, what if Star1234 was actually the smartphone hotspot created on an attacker's smartphone? You've just connected to an attacker’s network, and from there he can read your data, including passwords and other sensitive data.
This is called a "man in the middle" attack because you use the attacker's hotspot to access the internet, and the attacker reads data as you pass it from your PC to the intended recipient. It's a common way to gain access to corporate accounts, aside from the popular phishing attacks.
Before you write off that type of hacking as unlikely, note reports that thousands of hotspots are targets for hackers. Even more threatening is that 34% of users are said to take no extra precautions when accessing a public Wi-Fi hotspot. This means that many users connect to insecure hotspots and browse banking details, login to corporate accounts, and view sensitive data that should never be accessed via public hotspots.
A man-in-the-middle attack is not the only method to get sensitive data. Hackers can also eavesdrop with a sniffer, which means any unencrypted data is available to the attacker.
It's difficult to defend against these attacks because there are no real warning signs. The biggest defense is to ask personnel at a particular hotspot for the hotspot’s name. This means you know exactly which hotspot name is the right one. Be careful of slight variances, because attackers can use a single digit or letter difference to trick users. Next, don't browse sensitive sites, such as that of your bank, or shop online where you enter private data. Save these browsing habits for safe, private networks. If you absolutely must access a work-related site, always make sure you are using an encrypted connection.
Finally, some public Wi-Fi hotspots ask for you to login. Always ensure that the site is affiliated with the establishment and never use a password that you use with other personal shopping or banking sites. If any password is sniffed, it is only useful to the attacker if it's used somewhere else.
No matter if you are a small neighborhood coffee shop, a hotel, or a school system, you have most likely dealt with the dilemma of how best to provide guest wireless networking to your customers and visitors. Because wireless has become ubiquitous today, people expect it to be offered at just about any establishment they patronize. Doing so effectively can be a value-added service that can attract more customers, keep them lingering longer, and separate you from your competitors. But, providing wireless also means having to find the right compromise to alleviate two major concerns:
Finding the right balance to address these issues is important. Although you want to deliver added value to your customers, you don’t want to do so at the expense of your core business. The last thing you want is to have your IT personnel or front-line employees besieged with complaints and questions about your guest wireless, and thus occupying their time with no revenue-generating tasks.
Here are some tips on how to find get it right when it comes to guest wireless.
First, ensure that your wireless router/access point can service multiple SSIDs. Most any recently purchased model will meet this requirement. Next is the issue of how to isolate your guest users to prevent them from accessing internal resources that only your employees should have access to.
The good news is that you don’t have to be an IT guru to perform the configuration. Many wireless routers targeted toward the SOHO market provide point-and-click guest wireless configuration. It may be worded as a guest SSID, a guest zone, or even a guest portal. Either by default or by an included checkbox, you can ensure that this network is isolated from your primary network. Some wireless routers also have a wireless isolation feature that, when enabled, will also prevent clients connected to the guest Wi-Fi from communicating with your internal network with other client devices. The only downside to this is that customers won’t be able to partner with one another playing games.
For larger organizations, such as a hospital or K-12 school, you most likely will have to go with a more advanced solution because you will need multiple access points to provide coverage for the guest network. This will entail some type of VLAN or EoIP tunnel configuration by which all traffic is then routed directly out to the internet. Details of this process are beyond the scope of this article.
The next step is to create an SSID. Although it is easy simply to go with the default SSID name, you should customize the name of your SSID in a manner that identifies and associates it with your business. By doing so, customers and guests don’t need to guess with which SSID to connect, thus preventing them from accessing a rogue access point and exposing themselves to a man-in-the-middle attack.
You also should enforce WPA2 encryption through the use of a shared key, which should be posted in a visible manner for your guests and customers to see. In the case of a hotel or hospital, the key can be written or printed on the door key or guest pass. Requiring a pre-shared key can reduce DoS risk and discourage outsider probing. It also prevents packet sniffing so your users can surf the web safely and securely.
If possible, you need to allow wireless access only to your customers and legitimate guests. You should take advantage of any sort of scheduling option offered by your wireless management device. Hackers are always seeking unsupervised wireless access points where they can conduct their malevolent deeds. One way to prevent this is by restricting wireless access to business hours only. This should be implemented for your internal wireless network as well. Some vendors’ wireless router/access points offer the ability to change the power settings so that the SSIDs are not broadcast beyond the physical boundaries of your building. Allowing out-of-site access again opens up your network to hackers and malicious activities.
Even if you take the necessary steps to isolate your guest network from internal resources, users of this network still have potential direct access to your wireless infrastructure. It is essential to change the default administrator login credentials that include the username and password. The administrator password is no less than an 8-character password (although a 14-character password is recommended) with a combination of:
No discussion about wireless provisioning for Internet access is complete without the mention of content filtering. If your business promotes a family environment, then content filtering is a must in order to forbid questionable content on your establishment. There is another reason, however, that is just as important. The Internet is littered today with sites that are managed by cyber criminals either to distribute malware or to spoof such legitimate sites as financial institutions. By providing web filtering, you not only protect your customers from cyber threats, but you protect your entire network as well.
With the deployment of WebTitan Cloud for Wi-Fi, administrators can exercise the granular control necessary to safeguard the assets of their network, and the devices and data of users. Installation is super-fast and easy, with no hardware or software required, because it is cloud-based.
To learn more about what this powerful and scalable solution can do for your wireless network and to take advantage of our free-trial offer, email us at firstname.lastname@example.org.