While protections and awareness around WiFi connectivity has certainly matured over the last decade, several pieces of research over the last month serve as a reminder of how user behavior and vulnerabilities in new mobile technologies ensures that the industry will never quite lick the inherent insecurity of public WiFi hotspots.
Among them was the announcement last week at RSA from mobile security start-up Skycure, which explained how a WiFi vulnerability in iOS 8 can put Apple devices at risk of a DDoS attack from a malicious WiFi hotspot, essentially rendering them unusable.
"Basically, by generating a specially crafted SSL certificate, attackers can regenerate a bug and cause apps that perform SSL communication to crash at will," wrote Yair Amit, CTO for Skycure, in a post on the vulnerability. "An even more interesting impact of the SSL certificate parsing vulnerability is that it actually affects the underlying iOS operating system. With heavy use of devices exposed to the vulnerability, the operating system crashes as well. Even worse, under certain conditions, we managed to get devices into a repeatable reboot cycle, rendering them useless."
When combined with attacks that have bad guys creating their own malicious networks and forcing external devices to automatically connect to them, such as WiFiGate, this vulnerability could be used to create what Skycure calls a 'No iOS Zone' attack.
"Envision a small device, which automatically captures any iOS device in range and gets it to join a fake network. Then, it issues the attack and crashes attacked iOS devices again and again," Amit says. "Victims in range cannot do anything about it. Think about the impact of launching such an attack on Wall Street, or maybe at the world’s busiest airports, or at large utility plants. The results would be catastrophic."
As Tod Beardsley, engineering manager for Rapid7 explains, this attack vector offers another indication of why users should be wary of "default behavior of a casual hotspot association" with our smartphones. While users might be aware of the dangers of WiFi via laptops, they may still be less cautious with their phones.
"Smartphone users should take care with how they associate to wifi, especially unsecured, open access points. Attackers can carry out more subtle attacks, such as DNS poisoning and DNS hijacking, which can expose private, personally identifying information," he says.
Meanwhile, at the end of March, researchers with Cylance discovered a whopper of a vulnerability in routers commonly used to create hotel WiFi networks. The flaw would make it easy for attackers to gain access to any device connected to the network to plant malware or steal data.
And just a few weeks later, the security Twittersphere was abuzz with news that researcher Chris Roberts was detained coming off of a United flight after making jokes about hacking critical systems on a plane when news broke about a report from the Government Accountability Office highlighting security problems with passenger Wi-Fi networks that could potentially give hackers a foothold to further break into avionics systems that control flights.