Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

4/30/2015
08:00 AM
Connect Directly
Twitter
RSS
E-Mail
100%
0%

Wi-Fi Woes Continue To Plague Infosec

Several pieces of research coincide to send the message that hotspot connectivity is probably always going to be a sore spot for security.

While protections and awareness around WiFi connectivity has certainly matured over the last decade, several pieces of research over the last month serve as a reminder of how user behavior and vulnerabilities in new mobile technologies ensures that the industry will never quite lick the inherent insecurity of public WiFi hotspots.

Among them was the announcement last week at RSA from mobile security start-up Skycure, which explained how a WiFi vulnerability in iOS 8 can put Apple devices at risk of a DDoS attack from a malicious WiFi hotspot, essentially rendering them unusable.

"Basically, by generating a specially crafted SSL certificate, attackers can regenerate a bug and cause apps that perform SSL communication to crash at will," wrote Yair Amit, CTO for Skycure, in a post on the vulnerability. "An even more interesting impact of the SSL certificate parsing vulnerability is that it actually affects the underlying iOS operating system. With heavy use of devices exposed to the vulnerability, the operating system crashes as well. Even worse, under certain conditions, we managed to get devices into a repeatable reboot cycle, rendering them useless."

When combined with attacks that have bad guys creating their own malicious networks and forcing external devices to automatically connect to them, such as WiFiGate, this vulnerability could be used to create what Skycure calls a 'No iOS Zone' attack.

"Envision a small device, which automatically captures any iOS device in range and gets it to join a fake network. Then, it issues the attack and crashes attacked iOS devices again and again," Amit says. "Victims in range cannot do anything about it. Think about the impact of launching such an attack on Wall Street, or maybe at the world’s busiest airports, or at large utility plants. The results would be catastrophic."

As Tod Beardsley, engineering manager for Rapid7 explains, this attack vector offers another indication of why users should be wary of "default behavior of a casual hotspot association" with our smartphones. While users might be aware of the dangers of WiFi via laptops, they may still be less cautious with their phones.

"Smartphone users should take care with how they associate to wifi, especially unsecured, open access points. Attackers can carry out more subtle attacks, such as DNS poisoning and DNS hijacking, which can expose private, personally identifying information," he says.

Meanwhile, at the end of March, researchers with Cylance discovered a whopper of a vulnerability in routers commonly used to create hotel WiFi networks. The flaw would make it easy for attackers to gain access to any device connected to the network to plant malware or steal data.

And just a few weeks later, the security Twittersphere was abuzz with news that researcher Chris Roberts was detained coming off of a United flight after making jokes about hacking critical systems on a plane when news broke about a report from the Government Accountability Office highlighting security problems with passenger Wi-Fi networks that could potentially give hackers a foothold to further break into avionics systems that control flights.

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
100%
0%
Joe Stanganelli,
User Rank: Ninja
4/30/2015 | 11:29:23 PM
Re: Wi-Fi Woes
At the same time, there's no denying that many people rely upon these free and open Wi-Fi spots.

In Bermuda, for instance, many of the locals don't have a home Internet connection -- and instead rely upon public Wi-Fi spots.

And even here in the US, I know a number of people who forgo Internet at home and save money by going to Starbucks or McDonald's or the like with their laptops or tablets.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
4/30/2015 | 11:27:16 PM
Re: Should Mobile Phones Act Like Personal Computers?
Of course, to be fair, most major tech products were not originally designed for security and privacy.  Things like mobile phones and Wi-Fi are, simply, lagging in these respects...
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
4/30/2015 | 10:16:27 PM
Re: Should Mobile Phones Act Like Personal Computers?
After rolling around this discussion on Hacker News, I realized I should clarify:

I'm referring to stacks and protocols and function in the PC-phone comparison, not usability. From the perspective of having an OS, TCP/IP stack, wireless connectivity and access to the Internet via a web browser, you'd be hard-pressed to identify the PC from the phone in a functional diagram from which the label for the device was removed. Here is where the "mimic" of PC architecture comes in, not so much in how easy it is to access the file system, so forth. Sure, I realize even if there is an argument here, it's loose at first. I do believe there needs to be more separation, however, between how "we do" PC and how we do phone.

It's been noted that to change phone architecture, to write new protocols and new software and somehow still get users to the Internet, it would either cost a ton of money, or be wrought with security holes due to integrating such a brand-new ecosystem into our current one.  Perhaps, but without taking risks on new tech...
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
4/30/2015 | 5:18:45 PM
Should Mobile Phones Act Like Personal Computers?
The Electronic Frontier Foundation (EFF) notes on their report The Problem With Mobile Phones "mobile phones were not designed for privacy and security".  While the report is mostly focused on the wide varieties of mobile phone tracking (from GPS to wireless access), it illuminates perhaps the root of the issue noted in this DarkReading article:  Mobile phones now mimic personal computers, and it begs the question: Why?

For such a ubiquitous device that holds so much personal data and is portable in ways laptops will never be, one wonders why we are designing mobiles to be just like tiny laptops with all the same protocols, applications and OS APIs.  First, sure, it's easy, but who ever heard of an old-school phone dying from a DDoS attack?  Or, being taken over by malware and every contact, password and account login sent to the Maldives for quick smash-and-grab sessions against bank accounts and so forth?

Maybe the intrinsic issue is really that we are still doing the "make it smaller" thing with tech and calling that innovation instead of "make it different" which out of the box often comes with intrinsic security of its own for actually being different.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
4/30/2015 | 12:49:10 PM
Re: Trust and Paying Attention to the Signs
Have you never seen a commercial whether it be optimum, verizon, etc advertising mobile hotspots? I see them all the time. Also, maybe not as prevalent in airports as I pointed out earlier but many places advertise in the stores the availability of wifi. Unfortunately, unlike the ISP mobile spots these are normally not authenticated against.... I think this is where the majority of change needs to take place. Easily correlated SSIDs coupled with authentication.
tekedge
50%
50%
tekedge,
User Rank: Apprentice
4/30/2015 | 12:03:24 PM
Wi-Fi Woes
It is really a nightmare to think about the havoc such a breach can cross. There are signs of a secure wifi network that the users can be aware of ! But many publicly open wifi hot spots are still danger zones and we have to beware. 
Broadway0474
50%
50%
Broadway0474,
User Rank: Apprentice
4/30/2015 | 12:00:55 PM
Re: Trust and Paying Attention to the Signs
Ryan, I would be interested to see any statistics out there on how many airport hotspots and other such public Wi-Fis have the positive signs that you so rightly point out. I would assume that most do not. I just came from an airport (no need to name names) where no password was required. I work at an employer where the whole campus is wireless, and I am not sure I feel 100% safe there either, considering that 20,000+ people on said campus can access it.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
4/30/2015 | 9:05:22 AM
Trust and Paying Attention to the Signs
Like many things this instance comes back to trust. You need to trust the initiate of your wifi connection and pay attention to the signs. The signs piece is two-fold. Negative signs be wary of non-password protected hotspots with indecipherable SSID's. Positive signs could in this case be literal signs. An airport posting free-wifi with passcode, tv commercial stating that wireless hotspots are all over the city for x customers. These customers would need to authenticate. Places like airports and ISP's among other places that genuinely want customer business are trusted initiates and this trust should be considered when connecting wirelessly.
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Human Nature vs. AI: A False Dichotomy?
John McClurg, Sr. VP & CISO, BlackBerry,  11/18/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: -when I told you that our cyber-defense was from another age
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-3350
PUBLISHED: 2019-11-19
masqmail 0.2.21 through 0.2.30 improperly calls seteuid() in src/log.c and src/masqmail.c that results in improper privilege dropping.
CVE-2011-3352
PUBLISHED: 2019-11-19
Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the 'themename' parameter by setting default, modifying and deleting themes. A remote attacker with Zikula administrator privilege could use this flaw to execute arbitrary HTML or web script code in the context ...
CVE-2011-3349
PUBLISHED: 2019-11-19
lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation.
CVE-2019-10080
PUBLISHED: 2019-11-19
The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE) and reveal information such as the versions of Java, Jersey, and Apache that the NiFI ...
CVE-2019-10083
PUBLISHED: 2019-11-19
When updating a Process Group via the API in NiFi versions 1.3.0 to 1.9.2, the response to the request includes all of its contents (at the top most level, not recursively). The response included details about processors and controller services which the user may not have had read access to.