Wi-Fi has become a part of pretty much any device that has network access, from mobile phones and tablets to desktop computers and laptops. The time to plug in an Ethernet cable has long since passed. And while just a few years ago it was considered high risk to allow Wi-Fi access in corporate offices, now it is just a standard part of doing business.
Unfortunately, when dealing with technology that everyone is using, cybercriminals are generally also going to get involved. And when it comes to Wi-Fi, there are plenty of opportunities for cybercriminals to attack. Fortunately, most of this risk can be easily eliminated through awareness and proper security controls.
Another way that criminals will get you to connect to their malicious Wi-Fi access point is to simply imitate a legitimate access point. For example, if you’re at work, the access point name might be your corporate name. A cybercriminal can sit in a car or office nearby and turn on a Wi-Fi access point that has the same name. Now, when your mobile device or computer attempts to connect to the access point that it has connected to in the past, it might connect to the malicious access point instead of the real one. This is because many devices are designed to remember access points that they have previously connected to. So if an access point with that name becomes available again, the device will connect automatically. Criminals can even go so far as to knock the legitimate access point offline, making only their access point available in the area.
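One way a network team can spot the look-alike access point described above is to compare survey results against an inventory of its own equipment. This is an added example, not part of the original article; the network name, BSSIDs, scan records and function name are all constructed for illustration.

```python
# Constructed inventory of the organisation's own access points (hypothetical values).
AUTHORIZED = {
    "CorpWiFi": {
        "bssids": {"3c:28:6d:aa:10:01", "3c:28:6d:aa:10:02"},
        "security": "WPA2-Enterprise",
    },
}

# Constructed scan results, shaped like the output of a wireless survey tool.
SCAN = [
    {"ssid": "CorpWiFi", "bssid": "3C:28:6D:AA:10:01", "security": "WPA2-Enterprise"},
    {"ssid": "CorpWiFi", "bssid": "3c:28:6d:aa:10:02", "security": "WPA2-Enterprise"},
    {"ssid": "CorpWiFi", "bssid": "02:11:22:33:44:55", "security": "Open"},
    {"ssid": "CoffeeShop", "bssid": "a4:2b:b0:01:02:03", "security": "WPA2-Personal"},
]


def find_suspect_aps(scan, authorized):
    """Return (record, reasons) for each beacon that uses one of our
    network names but does not match the inventory."""
    findings = []
    for rec in scan:
        policy = authorized.get(rec["ssid"])
        if policy is None:
            continue  # not one of our network names, out of scope
        reasons = []
        bssid = rec["bssid"].lower()  # tools differ in MAC letter case
        if bssid not in policy["bssids"]:
            reasons.append("unknown BSSID")
        if rec["security"] != policy["security"]:
            reasons.append(
                f"security is {rec['security']}, expected {policy['security']}"
            )
        # Bit 0x02 of the first octet marks a locally administered
        # (software-assigned) MAC rather than a vendor-burned one.
        if int(bssid.split(":")[0], 16) & 0x02:
            reasons.append("locally administered MAC")
        if reasons:
            findings.append((rec, reasons))
    return findings
```

A match against the inventory is not proof of legitimacy, because a BSSID is not authenticated; treat this as a tripwire alongside client-side validation of the network's authentication server.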
Another risk is tied to privacy. While a victim is connected to the malicious access point, everything the user does online can be monitored by the cybercriminal. This risk has been reduced in recent years as more sites have installed SSL certificates. An SSL certificate allows the website to encrypt all of its traffic. So when you visit a website and the URL starts with HTTPS://, that indicates that everything you see and type on that website is secure, and even if you were on a malicious Wi-Fi access point, the criminal cannot actually see what you’re typing. It is important to note that while HTTPS does ensure that the data you are sending to the website is secure, HTTPS does not guarantee the website you are visiting is actually legitimate. What this means is that if you have typed in the correct URL and you see the HTTPS, then you should be safe. On the other hand, if you accidentally mistype the URL or are visiting a site that you are not familiar with, it could have HTTPS in the URL, but that does not guarantee the website itself is safe. Again, it only ensures that the connection you have to that website is secure and cannot be monitored by a criminal on the Wi-Fi network.
The last common form of attack with malicious Wi-Fi access points is through what is known as a DNS attack. When your mobile device or computer connects to any Wi-Fi access point, that access point will assign a DNS server to your device. A DNS server is a system that tells your computer how to get to another computer based on the domain name that you type into your computer. For example, if you open your web browser and type in www.sosdailynews.com, your computer has no idea what that actually means. Instead, it will send that domain name to a DNS server and ask “how do I get to this address?” The DNS server will then respond with something like “192.223.10.25”, which is an IP address for that particular website. Your computer understands the IP address and then makes the connection. Now, imagine if the cybercriminal has control over the DNS server that your computer is talking to. That would allow him to control where your computer actually connects. So for example, if you were to type in the URL to a bank or credit union, a malicious DNS server could give you an IP address that points to a criminal’s web server designed to look like the real bank or credit union. So as far as you know, you have typed the correct URL and ended up at a website that looks like what you expected. Only now when you type in your login, password or other confidential information, it’s actually being sent to the malicious website without you having any idea.
Because detecting phony Wi-Fi access points is difficult, the most likely time for you to detect a potential issue is when you browse to a secured site (any site that starts with https://). Be sure to always look to make sure that the website starts with HTTPS://. Most people will simply type in www.whatever.com and assume it will add the HTTPS:// at the beginning. Always look to make sure it is there. If it is not, do not proceed. If you attempt to connect to a secured website and receive a message saying there is an issue or error with the security certificate, you should stop immediately. There is never a situation where a broken security certificate is normal, and under no circumstance should you ever proceed. If you receive a warning, error message, or other notification that there is a problem, stop, pick up the phone, and contact your supervisor. If you are not at the office, but are at a public location, again stop. Remember that it does not matter where you are; a Wi-Fi attack can happen at home, at work or at any public location.