Wireless vulnerabilities are as old as wireless networks themselves. Until now, however, there has never been a wireless technology as important and pervasive as the 802.11 WiFi that's used by so many people -- people of all walks of life, not just techies.
Laptops, cellphones, portable music players, home media centers, and other similar WiFi-capable devices are all very easy targets for malicious wireless attacks -- including spying on data in transit, evil twin attacks, and exploitation of wireless device drivers.
And even with all of the warnings offered by public WiFi networks and lectures from their tech support, most users still dont understand that their wireless network traffic can easily be sniffed while theyre surfing the Web at their local coffee shop. Despite the fact that wireless attackers are stealing banking data, email accounts, and enterprise credentials, most users still dont take necessary precautions to protect themselves. They think it will never happen to them.
Of course, a significant portion of blame can easily be shifted to the wireless technology itself, and poorly designed security measures like WEP and WPA. Sadly, the attacks that I performed using Airsnarf five years ago during presentations designed to scare folks in the educational community are the same attacks that are taking place today -- with smaller devices and more capable attack software. While they seemed appropriately frightened at the time, those same audience members probably connect to insecure public hotspots daily.
Subnotebooks like the Asus Eee PC (listen to Risky Business #61 to hear about HD Moore's Eee-vil), along with powerful Linux-based handhelds like the Nokia N810, allow attackers to be more mobile and less obvious. The Nokia N810 can easily be slipped into a pocket while running attack tools like the Metasploit Framework. Immunity, the developers of CANVAS, have even based their mobile hacking platform, SILICA, on the Nokia N-Series which features such capabilities as executing man-in-the-middle attacks, bypassing 802.11 security mechanism, exploiting vulnerable hosts, network mapping, and more.
If youre a security professional for an organization with a large mobile workforce, youre probably wondering how you can protect your users from these threats. The easiest answer is to take away all their laptops and make them use pencil and paper, but that strategy seldom flies.
The first step is to design and enact policies regarding usage of corporate laptops on wireless networks. The policies should be well defined, stating what wireless networks are approved and how they should be used. Consider demoing some of the attack tools, such as KARMA, to show your users how easy it is for them to be tricked into connecting to a rogue network. Demos will certainly help drive home the reasoning for the policy.
Policies can only do so much (or so little, depending on your level of cynicism) without having technical controls in place to back up those policies. Unfortunately, there arent a lot of great options that focus on protecting wireless clients. There is one solution -- cellular adapters -- that completely bypasses the concerns of using WiFi. This can be pricey, depending on the size of your mobile workforce, but I know several security professionals that use these devices exclusively and leave their laptop wireless-disabled at all times.
Enterprise wireless deployments should use WPA2-enterprise or WPA-enterprise and never rely on pre-shared keys for authentication and encryption. These security measures prevent network sniffing and man-in-the-middle attacks while in the office, but dont do much good in the field.
Enterprises that use Microsoft Active Directory have some powerful options using the Wireless Network Policies extension for Group Policies. Administrators can define requirements for their Windows XP and Vista machines as to what WiFi networks can be connected to, what encryption mechanisms they must use, what particular networks should be denied, and more (See The Cable Guy: Wireless Group Policy Setting for Windows Vista.)
If your company decides that users must be able to use public wireless networks, then make sure that the laptops are secured properly with the latest patches, antivirus updates, and firewalls -- maybe even a full-blown host intrusion prevention system. Require users to go through a VPN when using wireless, so their communications are encrypted and hidden from prying eyes. Its a good idea to also have an IDS/IPS in place to monitor all traffic coming in to the corporate network through the VPN from these remote users.
Most importantly, teach your users that wireless networks arent safe and they take risks whenever they use free WiFi hotspots. Wireless networks and their safety are analogous to violence on TV. If you see enough of it, you can become a bit desensitized to it. Users see wireless built into almost every device they own, so they think it must be OK to use. Its time to snap them back into reality and put in the necessary measures to protect them.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.