Posted by Geraldine Hunt on Tue, Apr 9th, 2019
Every year, attackers find new, innovative ways to break down security barriers and obtain private data. This issue is not only a threat to end users but also to organizations that offer Wi-Fi access. Whether it’s public Wi-Fi or a private wireless network, it’s important to know current security trends so that an organization can take the proper precautions and reduce risk of a data breach.
Insufficient Encryption Configurations
When installing a Wi-Fi hotspot, the administrator has several options for encryption. WEP is extremely outdated and has long been cracked and vulnerable to attackers. If an attacker is able to crack encryption keys, users on the Wi-Fi hotspot are susceptible to man-in-the-middle (MitM) attacks.
When administrators can’t identify weak encryption protocols, it can lead to poor security on a Wi-Fi router. In 2017, WPA2 was cracked and announced as officially insecure. The Wi-Fi Alliance announced its replacement WPA3. Because it’s a new protocol, it’s not available on older routers and isn’t supported by older devices.
Poor Administrator Passwords
Every Wi-Fi router ships with a default password set by the manufacturer. Default passwords are publicly available, and any time the administrator resets the router back to manufacturer defaults, the administrator password is also reset to the default. Some users don’t understand the importance of changing the default password and leave it as is. This leaves a huge vulnerability on the router, leaving an open door for an attacker to remotely manage the device.
With remote access, an attacker can read information that passes over the router’s wireless network or install malware. Usually, an attacker will install malware and make the device a part of a botnet, which can be used to launch DDoS attacks on remote servers.
When you search for open Wi-Fi hotspot connections, a list of available networks is shown in the operating system. The user must choose which connection to use, and there is no way to know if the connection is the legitimate business or a rogue hacker. An attacker can leave an open wireless connection available for anyone to connect and then read information passed through the malicious device. The “evil twin” looks similar to the official public Wi-Fi network, but it’s not. For this reason, users should always verify that the Wi-Fi they are connecting to is the legitimate source by asking an employee for the hotspot name.
Once a client is connected to an evil twin, an attacker can easily eavesdrop on its signal to hijack the device’s communications. The attacker can monitor traffic, steal credentials or redirect clients to malicious websites to either download malware or capture online credentials to fake sites.
VPN for Better Protection
VPN tunnels data from the user’s computer to the host server. Users on public Wi-Fi have no assurance that the administrator configured security properly. Should the router have vulnerabilities exploited by attackers, one of the many ways users can protect themselves is to always use VPN on public hotspots.
Using VPN with public Wi-Fi adds a layer of protection to users. Suppose the administrator has poor encryption protocols configured. Any users connecting to the Wi-Fi hotspot is subject to any poor security, but this issue can be overwritten by using a VPN. When you use a VPN to connect to Wi-Fi, data is “tunneled” when it’s transferred over the network. Should an attacker be able to crack the private key, they still wouldn’t be able to read data in cleartext because it’s encrypted with VPN protection.
Disable Auto-Joining Wi-Fi Networks
Smartphones have the option to auto-join free public Wi-Fi networks when one is in range. This saves the smartphone user money since they don’t use their data plan. Detecting Wi-Fi availability joins the smartphone to the network and uses it to transfer data, taking it off the cell phone’s data plan. This works well when the connection is trusted, but it’s dangerous when the wireless network is untrusted.
When not at home, users should disable auto-join on their mobile devices. This will protect them from accidentally connecting to a malicious network that can be used to steal credentials, private data, and any information sent over cleartext channels.
Always Use Content Filtering
For organizations that provide public Wi-Fi, content filtering protects users from malicious phishing emails and attacker-controlled websites. Attackers assume that public Wi-Fi is less secure and take advantage of vulnerabilities. Phishing is one way they can gain access to credentials. Attackers send emails to users and trick them into sending credentials to the attacker on a malicious site.
Content filtering blocks these malicious sites using DNS-based blocking. Users may click the link, but the network blocks access to the site. This can be configured by the administrator, and it can protect both the organizations and users on the network.
Understanding the basics of Wi-Fi security and the trends helps administrators deal with ongoing attacks. Users can also take advantage of knowing the latest in wireless vulnerabilities and protect themselves from common exploits. Security should be the first thing both administrators and users consider when working with Wi-Fi hotspots.
Talk to one of our security experts today about securing your public Wi-Fi to prevent costly and damaging attacks.