“Be careful” goes the standard security advice. Those words alone are enough to raise one’s blood pressure, especially when discussing wireless communications. Caution is, in fact, warranted because there are a great many things to be rightly afraid of with respect to computer security and putting anything on a network, and Wi-Fi only adds to the complexity. This post will review some of the whys of these risks.
The Nature of Wi-Fi
Wi-Fi is so pervasive one can be forgiven for forgetting how relatively new it is, all things considered. The first version of the 802.11 protocol was released in 1997, with commercial product adoption coming a few years later. Twenty-five years later, there is a generation of computer users that might not recognize a wired Ethernet adapter if they stepped on one, and they can also be forgiven because many laptops don’t even come with wired adapters anymore. Wi-Fi has become the default for network access.

Another thing that is easy to forget is that wireless is based on radio waves. CB Radio, which experienced a public craze in the 1970s and is still in use with truckers today, operates at ~27 MHz. Walkie-talkies operate at 27 MHz and 400-500 MHz. Most Wi-Fi today operates at 2.4 GHz, with newer versions operating at even higher frequencies. It’s the same basic idea of communicating signals through the air, no cables required. Just like magic! And receivers can snatch those signals right out of the air without any vampire taps or cable splicing required. We’ll come back to that point later.
Being On A Network
To be on a network means you can see others and others can see you. It typically also means that there is no firewall between the devices, with all protocols enabled. This is generally a good thing. Let collaboration reign!

Your Wi-Fi Network
Joining devices to a home Wi-Fi network might look something like this: a laptop, printer, phone, perhaps a streaming device (e.g., Roku), and perhaps some Internet of Things (IoT) devices in the home, such as a refrigerator or temperature control. It is important that communication between each of the devices to the wireless router be secured with strong encryption (e.g., WPA2 or WPA3), because as previously stated the signals can literally be snatched out of the air. With such encryption in place, this looks like an efficient high-tech home environment.

But what if there was an adversary on your home network? The adversary would now have network access to all those devices. This allows attempted access not just to any open port or service of your laptop—higher-risk services would include, but not be limited to, 22:SSH, 80:HTTP, 445:SMB, and 3389:RDP—but also to the printer and IoT devices. Printers have been a weak security link for years because people keep forgetting that they have little computers in them. IoT devices might offer high-tech functionality, but as they tend to be designed for personal convenience, they also tend to come with less-stringent security. The risks aren’t just that a bad actor could install bitcoin miners or botnets on your devices, it’s that they can get access to your data (banking, credit cards, personal photos), and to your entire life.

One threat to the Wi-Fi network access could come from using outdated wireless encryption such as WEP. A more likely risk is a weak Wi-Fi network password, such as “network” or “password.” As the saying goes, hackers don’t hack in as often as they just log in.
Public Wi-Fi, Part 1
Joining a public Wi-Fi network overlaps with the previous case. Your device is now visible to others on the network with all the same potential risks as before (e.g., open ports and services) and risk levels increase further if your device is not current on security patches. Instead of the adversary coming to you, you are putting yourself out in public, the risks depending on who your network neighbors are. Remember, you decided that particular email just couldn’t wait.

This attack vector isn’t for the casual hacker, though. It is certainly something that a nation-state or high-end cyber-criminal organization wouldn’t shy from for a high priority target, but it’s not the most common threat for the average person. Still, it’s best to keep devices as locked-down as possible and to stay current on patches.
Network Analyzers
Network engineers used to require physical access to analyze network traffic, but not with Wi-Fi! No need for cable splicing or vampire taps, just snatch signals out of the air. Member-devices of this network could use utilities such as Wireshark to analyze traffic, and any un-encrypted data will show up in such traces.

It is worth noting that even with HTTPS, there are unencrypted parts of the communication, such as DNS requests and the hostname of the site being contacted. It’s an unfortunate leakage of information for anyone paying close attention.
The payload of our network traffic is encrypted, though. At least that is secure as far as we know!
TLS Inspection
Most people look at HTTPS in a URL and assume that it works like this…

… with end-to-end encryption from client browser to web-server. HTTPS sort of works like that, except when it doesn’t. It depends especially on which network the communication is occurring, because on most corporate networks today there will be a proxy firewall performing TLS Inspection.
TLS stands for Transport Layer Security, and Transport refers to Layer 4 of the OSI reference model. Long story short, TLS Inspection works by effectively performing a “Man in the Middle” routine in the firewall, and the traffic is in the clear, ready to be inspected for malware and other potentially inappropriate content to keep the network safe. To be clear, this is happening even though the originating URL is https://. Just how deeply the traffic is inspected and/or stored and analyzed is a matter of organization/corporate policy, and of whoever is administering the proxy.

An extreme version of this is the Great Firewall of China. That involves a lot more than TLS Inspection, but you get the idea.
Virtual Private Networks
Virtual Private Networks, or VPNs, interfere with things like TLS Inspection. This is why most organizational/corporate firewalls will disable their usage. VPNs are a “great security feature” or a “security problem” depending on one’s perspective.
VPNs are a good idea when using public Wi-Fi though, as they can additionally help reduce the potential traffic “leakage” previously mentioned by network watchers.
Public Wi-Fi, Part 2
Bad actors unfortunately also know a thing or two about web proxies and TLS Inspection. Two potential attack vectors are the Evil Twin pattern, either by taking over a valid access point or by simply creating an access point called “Free Wireless!” and seeing who joins. Either way, once it has attracted devices, the interception of data can begin, as the bad actor is now operating as the Man In The Middle.

There should be some telltale signs that something is slightly amiss with website certificate errors such as this…

… and clicking past these warnings can create a very dangerous situation for the user because everything transmitted—emails, bank information, social media, and plenty of passwords—will all be in the clear.
Not to diminish the importance of prior advice about device patching, but this kind of trawling is a lot easier for hackers. Take website certificate errors seriously.
The Risks Of Being Human
On top of everything already mentioned in this post, here is some standard security advice that never goes out of style because humans are, more often than not, the weakest link in computer security:
1. Be Careful With Your Inbox
a. Clicking on website URLs in email—“phishing” still ranks as a top security risk.
b. Clicking on website URLs from text message—“smishing” texts with URLs to potentially compromise your mobile device (which is also likely connected to your home Wi-Fi).
c. Clicking on website URLs from social media applications
d. … especially when any of these are unsolicited.
2. Be Careful With Web Browsing
a. Don’t click past Website certificate errors.
3. Avoid Password Re-Use
a. Don’t use the same password for shopping, banking, and email services.
b. That way, if one service gets compromised, attackers can’t immediately use the same password on another service.
c. A password manager can help with this.
4. Use Strong Passwords
a. Pass-phrases (e.g., “word1 word2 word3 word4”) tend to be longer than random characters and still easier to remember.
b. Similarly, a password manager can help with this.
5. Use VPNs, Where Possible
a. Especially when accessing services over public Wi-Fi.
6. Be Selective About Public Wi-Fi
a. Do you trust the access point?
Hedy Lamarr
No post about Wi-Fi history would be complete without the required mention of actress and inventor Hedy Lamarr and her work on frequency hopping radio communications in the 1940s.
That’s Hedy, not Hedley, Lamarr.
References
1. Wi-Fi
a. Radio
i. https://en.wikipedia.org/wiki/Wi-Fi
ii. https://en.wikipedia.org/wiki/Citizens_Band_radio
iii. https://en.wikipedia.org/wiki/Walkie-talkie
b. Security
i. https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access
2. Think Like An Attacker
a. MITRE’s ATT&CK Framework
i. https://en.wikipedia.org/wiki/ATT%26CK
3. HTTPS
a. Are HTTPS URLs Encrypted?
i. https://www.baeldung.com/cs/https-urls-encrypted
4. TLS Inspection
a. Azure Firewall
i. https://techcommunity.microsoft.com/blog/azurenetworksecurityblog/building-a-poc-for-tls-inspection-in-azure-firewall/3676723
b. Checkpoint Firewall
i. https://www.checkpoint.com/cyber-hub/network-security/what-is-network-security/what-is-tls-inspection/
c. The Great Firewall of China
i. https://en.wikipedia.org/wiki/Great_Firewall
5. Public Wi-Fi
a. Wireshark
i. https://www.wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#_live_capture_from_many_different_network_media
b. Evil Twin Attack
i. https://en.wikipedia.org/wiki/Evil_twin_(wireless_networks)

Doug Meil is a software architect in healthcare data management and analytics. He also founded the Cleveland Big Data Meetup in 2010. More of his BLOG@CACM posts can be found at https://www.linkedin.com/pulse/publications-doug-meil