Wi-Fi Vulnerabilities: Advances and Incidents in 2010
The 802.11n standard was ratified in 2009 and WiFi really took off in 2010, with support showing up in an array of consumer electronic devices. Unfortunately security related issues escalated right along with growing acceptance. Here's a look back at the WiFi security issues that emerged this year.
Virtual WiFi leads to rogue access points: The Windows 7 virtual WiFi capability, or soft AP, became popular in the early part of 2010, with users downloading millions of copies of free programs such as Connectify to exploit feature. But it didn't take long for security experts to see the danger and warn organizations about the possibility of employees creating possible rogue access points using virtual WiFi. These rogue APs can create a hole in your network security and allow an unauthorized user to "ghost ride" into the corporate network. This type of access can be difficult to notice using traditional wire-side techniques, so experts advocated watching carefully for the appearance of rogue APs while upgrading machines to Windows 7.
MiFi gains popularity: Steve Jobs experienced a WiFi malfunction during the iPhone 4 launch in June 2010. An examination after the fact revealed that around 500 mobile hotspot networks were in use, supporting some 1,000 WiFi devices. This incident brought to light the security issues that can crop up from use of MiFi, and experts suggest using dedicated monitoring solutions capable of detecting these unauthorized devices on a 24x7 basis.
Google's WiFi snooping controversy: In the middle of 2010 Google admitted that their cars used to collect Street View information also mistakenly collected payload data from unsecured WiFi networks. Many viewed the act as a privacy breach because the data collected included personal information such as email, passwords, fragments of files, browsed Internet data, pictures, video clips, etc. The controversy was a major black eye for Google but served as a big wake up call for all those WiFi users who still haven't secured their WiFi networks.
Russian spies and peer-to-peer WiFi links: The use of private, adhoc WiFi networks for secret communication came to light when the FBI arrested a group of Russian spies who were using the tools to privately transfer data. Such adhoc WiFi networks set up links between WiFi users without using a centralized WiFi router. Corporations are advised to deploy monitoring tools that can snoop out such connections.
Fake WiFi stealing data from smartphones: Security experts discover that using a smartphone's WiFi capability to access an open or public network can lead to a vulnerability if the user doesn't tell the phone to forget the network. Users that don't follow this advice are in danger of getting trapped into a fake WiFi network by someone with malicious intents. Once trapped, users can end up leaking passwords and other private data, and might be at risk of malware and worms.
Hole196 uncovered for WPA/WPA WiFi networks: The name Hole196 was used for the vulnerability that was uncovered at security conferences in Las Vegas in July by AirTight Networks. The vulnerability was mainly targeted at WPA2 (using AES encryption) WiFi networks configured with 802.1x Authentication mechanism. Before Hole196 showed up, such networks were considered some of the most secure WiFi deployments around. With Hole196, these networks can be subjected to a fatal insider attack, where an insider can bypass the WPA2 private key encryption and 802.1x authentication to scan devices for vulnerabilities, install malware and steal personal or confidential corporate information. Although specially targeted at WPA (AES)/802.1x networks, the vulnerability also applies to the WPA/WPA2-PSK networks.
The folks that found Hole196 say exploiting the vulnerability is simple and the attack isn't detected by traditional wire-side IDS/IPS systems. Being an insider attack, the importance of Hole196 was downplayed by some experts, but reports point out that, with the rise of insider attacks, Hole196 is now considered important. Security experts strongly advocate the use of a comprehensive WIPS solution.
Firesheep turns layman into WiFi hackers: Firesheep, the Firefox extension developed by Eric Butler, was released for public use in late 2010. Since then it has gained tremendous attention because it has almost automated the task of hacking over insecure WiFi networks such as hotspots. With Firesheep and a compatible WiFi client card, a malicious user just needs a single click to see the details of various people in his/her vicinity, visiting their respective accounts on websites (using unencrypted after-login session), such as Facebook, Twitter, Amazon, etc.
Another click and the malicious user can log into these sites, meaning even laymen can become hackers. Security experts remind people to exercise extra precaution while enjoying unsecured WiFi connections. The world is hoping Firesheep's popularity will motivate the popular social network websites to take further steps to protect user security.
Smartphone as WiFi attacker: The year 2010 witnessed the release of many new high end smartphones but these devices are now being seen as active threats. While attackers previously needed to carry a notebook to eavesdrop on WiFi links or launch sophisticated WiFi attacks, they can now perform these tasks using a high end smartphone.
Reviewing the list of WiFi security issues that came up in 2010, it can be expected that 2011 will witness more of the same. With new WiFi attack vectors emerging, corporations will realize they need additional layers of security that can provide active protection.
About the author: Ajay Kumar Gupta is presently working with an enterprise dealing in WiFi security products. He has been in the field of wireless security for more than five years and is a frequent contributor to leading security magazines and blogs. He holds a master's of technology degree from IIT Bombay in India.
Read more about anti-malware in Network World's Anti-malware section.
Product mentioned in this article