Many businesses have moved from wired to wireless technologies which has had a negative impact on their security posture. Wired networks are easier to secure than wireless networks, and if vulnerabilities exist they can be exploited by cybercriminals. Because of these security flaws, and the ease of exploiting them, wireless networks attacks are common. In this post we explore some of the common wireless network attacks and offer advice on simple steps that can be taken to secure wireless networks and prevent costly data breaches.
Wi-Fi is Ubiquitous, Yet Many Businesses Neglect Security
Wi-Fi access used to be something you had to pay for, but now free WiFi is something that is taken for granted. Visitors to a hotel, coffee shop, bar, retail outlet, or restaurant now expect WiFi to be provided. The decision to use a particular establishment is often influenced by whether free WiFi is available, but increasingly the quality of the connection is a factor in the decision process.
The quality of the WiFi on offer is not just a question of there being enough bandwidth and fast internet speeds.
Parents often choose to visit establishments that provide secure WiFi with content control, such as those that have been verified under the Friendly WiFi scheme. In order to be accredited under the scheme, businesses must have implemented appropriate filtering controls to ensure that minors are prevented from accessing age-inappropriate material. The massive rise in cyberattacks via public WiFi networks has seen many consumers choose establishments that offer secure WiFi access.
If you run a business and are providing WiFi to customers or have yet to provide WiFi and are considering adding a WiFi hotspot to attract more customers, be sure to consider the security of your network. The past couple of years have seen many major attacks on WiFi networks and customers who use wireless services.
Some of the most common wireless network attacks are detailed below.
What are the Most Common Wireless Network Attacks?
Some of the most common wireless network attacks are opportunistic in nature. Businesses that fail to secure their WiFi networks leave the door wide open to scammers and hackers who would otherwise look for easier targets. Those scammers are happy to take advantage of poor security controls to steal sensitive information from WiFi users and distribute malware. Unsecured WiFi networks are also targeted by sophisticated cybercriminals and organized crime groups to gain a foothold in the network. The attacks can be extremely lucrative. If malware can be installed on POS systems, the credit/debit card numbers of tens or hundreds of thousands of customers can be stolen.
Fake WiFi Access Points, Evil Twins, and Man in the Middle Attacks
Visitors to hotels, coffee shops and malls often connect to the free WiFi on offer, but various studies have shown that care is not always taken when connecting. Customers often choose the WiFi access point based on the name without checking it is the wireless network set up by a particular establishment for customer use.
Criminals can easily set up fake WiFi access points, often using the name of the establishment in the SSID name. Calling it ‘Free Airport WiFi’ is a common ploy to get people to connect. When customers connect to these rogue WiFi networks they can still access the Internet and are likely to be unaware that anything is wrong. However, everything they do online is being monitored by cybercriminals. Sensitive information entered online, such as email addresses and passwords, credit card numbers, or banking credentials can be stolen.
How is this done? The attacker simply creates a hotspot on a smartphone and pairs it with a tablet or laptop. The hacker can then sit in the coffee shop drinking a latte while monitoring the traffic of everyone that connects. Alternatively they can use a router with the same name and password as the one currently in use. This may also have a stronger WiFi signal, which may see more people connect to it but it is an “evil twin” through which man in the middle attacks occur – the interception of data sent over the network.
This is one of the most common wireless network attacks and it is surprisingly effective. One study indicated more than a third of WiFi hotspot users take no precautions when accessing WiFi hotspots and frequently connect to unsecured networks.
Packet Sniffing: Interception of Unencrypted Traffic
Research by Kaspersky Lab in 2016 showed more than a quarter of public Wi-Fi hotspots set up in malls were insecure and lacked basic security controls. A quarter did not encrypt traffic at all, while research conducted by Skycure showed that five of the 10 busiest malls in the USA had risky WiFi networks. One mall in Las Vegas was discovered to be operating 14 risky WiFi access points. Hackers can use programs called packet sniffers to intercept traffic on unencrypted WiFi networks. These common wireless network attacks are easy on older routers, such as those using WEP encryption. WPA offers better security, although as a minimum WPA2 should be used, or better still, the recently released WPA3. Packet sniffing is one of the most common wireless network attacks.
Examples of WiFi Network Attacks
Listed below are some examples of common wireless networks attacks that have resulted in the installation of malware or theft of sensitive information. These attacks could easily have been prevented had appropriate security controls been implemented.
Tel Aviv Free WiFi Network Hacked
One notable example of how easy it can be for a hacker to take over a WiFi network comes from Tel Aviv. Tel Aviv offers a city-wide free WiFi network, which incorporates basic security controls to keep users secure on the network. However, it did not prove to be as secure as city officials thought.
While commuting home, Tel Aviv resident Amihai Neiderman noticed a new WiFi access point had appeared. The FREE_TLV access point was provided by the city and Neiderman decided to test its security controls. After determining the IP address through which WiFi clients accessed the Internet, he disconnected, scanned the router, and discovered the web-based login interface was run through HTTPS port 443.
While he found no major vulnerabilities, after extensive analysis he identified a buffer overflow vulnerability which he successfully exploited to take full control of the router. By doing so, if he was so inclined, he could have intercepted the traffic from tens of thousands of users.
Toasters Used to Hack Unsecured WiFi Networks
Perhaps not one of the most common WiFi network attacks, but notable none the less due to the rise in use of IoT devices. IoT capability has been incorporated into all manner of devices from toasters to washing machines. These devices can be vulnerable to supply chain attacks – Where hardware is altered to allow the devices to be used to attack WiFi networks. In 2016, Russian officials discovered chips imported from China had been altered and were being used to spread malware that could eavesdrop on unsecured WiFi networks from a range of 200 meters. They were used to infect those networks with malware that could steal information.
In Flight WiFi Network Hacked from the Ground
Cybersecurity expert Ruben Santamarta has demonstrated it is possible to hack into airline WiFi networks from the ground and view the internet activity of passengers and intercept their information. More worryingly, he was also able to gain access to the cockpit network and SATCOM equipment. He claims the same technique could be used for ships, industrial facilities and even military installations. He explained how he did it in his “Last Call for SATCOM security” presentation at the 2018 blackhat hacker conference.
WiFi Networks Used to Gain Access to Business Data
Creating a WiFi network for guests is simple. Ensuring it is secure and cannot be used for attacks on the business network or customers requires more thought and effort. Any business that allows customers to make purchases using credit and debit cards is a major target for hackers and poor WiFi security is likely to be exploited sooner or later. The past few years have seen many major attacks that have resulted in malware being installed on POS systems. These are now some of the most common wireless network attacks.
How Can Businesses Prevent the Most Common Wireless Network Attacks?
How can businesses protect against some of the most common wireless network attacks? While it is difficult to prevent the creation of fake WiFi hotspots, there are steps that can be taken to prevent many common wireless network attacks.
Isolate the Guest Network
If your business network is not isolated from your guest WiFi network, it could be used to gain access to business data and could place your POS at risk of compromise. Use a router that offers multiple SSIDs – most modern routers have that functionality. These routers often have a guest SSID option or separate guest portal. Make sure it is activated when it is deployed. Alternatively, your wireless router may have a wireless isolation feature which will prevent WiFi users from accessing your internal network and other client devices. If you require multiple access points throughout your establishment, you are likely to need a VLAN or EoIP tunnel configuration – A more complicated setup that will require you to seek professional advice on security.
Encrypt WiFi Traffic with WPA2 or WPA3
If you have an old router that does not support WPA2 encryption its time for an upgrade. WPA2 is the minimum standard for WiFi security, and while it can still be cracked, it is time consuming and difficult. WPA3 has now been released and an upgrade should be considered. You should also make sure that WPS is turned off.
Update Firmware Promptly
All software and devices contain vulnerabilities and require updating. Software should be patched and devices such as routers will need to have their firmware upgraded when new versions are released. Check your device manufacturers website periodically for details of firmware updates and ensure your device is updated.
Create a Secure SSID
Your router will have a default SSID name, but this should be changed to personalize it to your business. If you make it easily identifiable, it will reduce the potential for rogue access points to be confused with your own. Ensure that you enforce WPA2 encryption with a shared key and post that information for your customers along with your SSID in a prominent place where they can see it.
Restrict WiFi Access
If your wireless router or access point is too powerful, it could be accessed from outside your premises. Choose a router that allows you to alter the strength of your signal and you can ensure only your customers will use your connection. Also ensure that your WiFi access point is only available during business hours. If your access points are left unsupervised when your business is closed, it increases the risk of an attack.
Secure Your Infrastructure
Administrator access can be abused, so ensure that your login name and your passwords are secure. If the default credentials are not changed, it will only be a matter of time before they are abused. Change the username from ‘admin’ or any other default username. Set a strong password that includes upper and lower-case letters, at least one number, and a special character. The password must be at least 8 characters although more is better. Alternatively use a 14-character+ passphrase.
Use a Web Filter
A web filtering solution is an essential protection for all WiFi networks. Web filters will prevent users from visiting websites and web pages that are known to have been compromised or have been confirmed as malicious. This will protect your customers from web-based threats such as drive by downloads, exploit kits and phishing. A web filter will also allow you to prevent your network from being used to download or view unacceptable content such as pornography and lets you control bandwidth usage to ensure all customers can enjoy decent Internet speeds.
TitanHQ offers a scalable, easy to deploy, granular web filter for WiFi networks. WebTitan Cloud for WiFi requires no hardware purchases or software downloads, and being 100% cloud-based, can be managed and monitored from any location.