An Engineer’s perspective:
Last week a number of the GSS engineers were staying away from home working on a new project. The branded hotel we were based at for the week had unencrypted wireless, restricted only by a login page. The subject that came up one evening had also recently been covered on prime time TV. Whilst most people today would consider themselves tech-savvy, how security conscious are people with regard to their devices and data when away from a trusted environment like the home or office?
When talking about unsecured wireless, namely an SSID (wireless network) that doesn’t require any form of key or security check to connect to the network, your devices and, more importantly, your personal data are open to attack. Using HTTPS when web browsing will help prevent basic attacks, like people reading your password in plain text by using tools such as Wireshark; however, using HTTPS alone won’t stop the more sophisticated methods of attack. Connecting to your company’s VPN will provide an immediate and effective layer of security, as long as all traffic between your user device and the public internet is transported and encrypted via the VPN. What about the everyday consumer on holiday or staying away for the weekend? Is it a stretch to think we might need our broadband routers to ship with VPN functionality and static WAN addresses, in order that we can create VPN connections back to our homes? (That’s a question and a topic for another blog.)
Let’s say a hotel has a wireless network called GSS-Guest; it’s unsecured, but you do require a username and password, which the reception desk gives you upon checking in. For this example I’m going to say the hotel has 5 floors. As the attacker I’ve checked in on floor three, and have deployed an access point with the same network name, GSS-Guest; if it’s a new hotel then chances are the signal from my access point will cover my floor and some of floors two and four. The key to this attack working is internet access: if users don’t have internet access they will start “investigating”. Ask yourself this question honestly: if you connected to GSS-Guest and weren’t prompted by the splash screen, but were granted internet access, would you continue browsing?
Going back to a previous statement: at this point, after connecting to GSS-Guest, if you were to connect to a VPN it would be very difficult (but not impossible) for the person conducting the attack to compromise your connection. I decide to browse to Yahoo to check my email and I connect using HTTPS, but am I actually connecting to Yahoo, or has the person in control of the access point used a technique called ‘DNS hijack’ to route me to a realistic looking webpage? Let’s think through the connection process: when I connect to the wireless network I get an IP address for my device via DHCP, and I also receive DNS server information (for resolving domain names to IP addresses). If the attacker had the right equipment in the hotel, could they send me to a spoof Yahoo webpage hosted by a webserver running in the hotel room, or even on the public internet for that matter? Log in to your email once in the wrong place at the wrong time on an unsecured wireless network, and an attacker could be granted access to reset passwords and gain access to anything your email is linked to: credit card and bank accounts, perhaps?
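A defensive check for the DNS redirection described above, as an added example that is not part of the original blog: it compares the answers handed out by the DHCP-supplied resolver with reference answers and flags names that look redirected. The hostnames, addresses and the `audit_resolver` helper are constructed for illustration, and the reference answers are assumed to come from a lookup made on a trusted network or over the VPN.

```python
import ipaddress

# Ranges that a public site should never resolve to (RFC 1918, link-local, loopback).
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "169.254.0.0/16", "127.0.0.0/8")]

def is_local(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)

def same_prefix(a, b, bits=24):
    """True if two IPv4 addresses fall in the same /bits network."""
    net = ipaddress.ip_network(f"{a}/{bits}", strict=False)
    return ipaddress.ip_address(b) in net

# Both arguments map hostname -> list of IPv4 strings returned for that name.
def audit_resolver(dhcp_answers, trusted_answers):
    """Return {hostname: reason} for names whose answers look redirected."""
    findings = {}
    for host, got in dhcp_answers.items():
        if not got:
            continue
        local = [a for a in got if is_local(a)]
        if local:
            findings[host] = f"resolves to local address {local[0]}"
            continue
        ref = trusted_answers.get(host, [])
        # CDNs rotate addresses, so accept any answer in a /24 the reference also uses.
        if ref and not any(same_prefix(r, g) for r in ref for g in got):
            findings[host] = "no overlap with trusted answers"
    return findings

# Constructed sample data (documentation address ranges, not real lookups).
DHCP_RESOLVER = {
    "mail.example.com": ["192.168.3.50"],    # web server on the guest LAN
    "bank.example.com": ["203.0.113.77"],    # unrelated public host
    "news.example.com": ["198.51.100.23"],   # same /24 as the reference
}
TRUSTED = {
    "mail.example.com": ["198.51.100.10"],
    "bank.example.com": ["192.0.2.20", "192.0.2.21"],
    "news.example.com": ["198.51.100.20"],
}

if __name__ == "__main__":
    for host, reason in audit_resolver(DHCP_RESOLVER, TRUSTED).items():
        print(f"SUSPECT {host}: {reason}")
```

The /24 comparison is a heuristic: a legitimate captive portal also rewrites answers before login, so the check is meaningful only once the network claims to be giving normal internet access.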
Reading the above, it’s interesting and worrying in equal measure. Over our next few blogs we are going to expand and break down some of the sections and attack components into more detail. Our security experts within GSS are planning to write more detailed blogs on the topics below:
- Wireless Phishing: This topic goes hand in hand with Evil Twin, but is extremely sophisticated.
- Soft APs: The threat posed by software within your laptop.
- Certificates and dot1x protection: Mention certificates and everyone thinks complexity, so they tend to avoid this protection method. The GSS team will break down how it’s actually done.