Five Myths about Wireless Security
In our connected world, wireless security threats – which can lead to identity theft or the loss of proprietary information – have become all too common. As National Cyber Security Awareness Month winds down, here are five common myths about wireless security that deserve our attention and action:
Myth 1: Only professional hackers can exploit wireless vulnerabilities
This used to be the case a number of years ago, but the hurdle to start hacking is unfortunately very low these days. Hacking tools are now more readily available and much easier to use.
Would-be hackers no longer need to compile code from source hacking tools that may or may not work with a Linux operating system; they can now choose from a wide variety of Linux distributions that come preloaded with all of the security/hacking tools they need right out of the box. These distributions are usually small operating systems a hacker can install on a laptop, a portable USB or virtual machine.
To top it off, the Internet contains a wealth of guides and hacking tutorials with step-by-step instructions.
Myth 2: Wireless hacking requires expensive and/or specialized equipment
Are the tools hackers use expensive? The answer is usually no. The main tools a wireless hacker needs to get the job done are off-the-shelf wireless adapters, drop-boxes (Raspberry Pi, Beaglebone, WiFi Pineapple, etc.), memory sticks, basic instructions and a laptop.
All of these items, except for a laptop, cost less than $100. Hackers can buy a WiFi Pineapple for $99 online, while all of the other tools retail for under $50. WiFi adapters run in the $20-$30 range, and drop-boxes are convenient to have, but not necessarily required. The operating systems typically used are Kali Linux or Backtrack Linux, which are free of charge.
And get this: purchasing these devices has never been easier, thanks to online retail sites, many of which are actually reputable retailers.
Myth 3: Strong authentication and encryption offer full protection
In most cases, this is true, but a wireless administrator can still get into trouble by relying too heavily on encryption alone. Using encryption and authentication WPA2 with PEAP (Protected EAP) is a clear example. With WPA2-PEAP, authentication is based on 802.1x (Active Directory or Radius). However, if an administrator configures a wireless device – such as an employee laptop, tablet or smartphone – and does not validate the certificate, this opens up significant vulnerabilities.
Hackers can now operate a tool called FreeRadius-WPE, or the newer variation, Hostapd-WPE, to create a wireless honeypot broadcasting the same SSID as the corporate WPA2-PEAP setup. The attacker can then lure unsuspecting devices to connect and expose users’ challenge and response data. The attacker will then take this information offline to crack. If MSCHAPv2 is used, there is a substantial likelihood that the hacker will obtain usernames and passwords. EAP-TTLS and EAP-FAST are also susceptible to this type of impersonation attack.
Good encryption and authentication is a key part of wireless security, which requires a layered approach with employee awareness.
Myth 4: Lack of wireless security attacks in the media means networks are safe
The old phrase “no news is good news” just doesn’t apply to wireless security. In fact, most of the old wireless attacks are still active and relevant today. Everything from Deauthentication and Honeypot attacks to Karma and Radius Impersonation (802.1x Honeypot) are all very much alive and well.
These attacks, although several years old, are still effective in targeting wireless devices through wireless infrastructures. The majority of WiFi users have become complacent about wireless security because new attacks don’t show up very often in the news.
The bottom line is that wireless administrators should always be vigilant and monitor for any wireless attacks, old or new.
Myth 5: With MAC address filtering, only approved MAC addresses can connect
MAC address filtering is an option on every wireless solution available. Everything from consumer-level to enterprise-level wireless implementations has the option to apply some level of MAC address filtering.
Even though this might sound like a sound security practice, it’s actually not. Spoofing a MAC address is an incredibly easy process for hackers on practically every operating system out there. Hackers can use spoofed MAC addresses in several types of attacks, including WEP replay, Deauthentication and Disassociation, and impersonations, where a device can piggyback onto a wireless guest network after a client has authenticated.
Misconceptions about network security and a false sense of protection are just as dangerous as the attacks themselves. As modern technologies and connectivity continue to evolve, it has never been more important to stay up to date and ruthlessly proactive in ferreting out wireless security threats and potential vulnerabilities.
Related WLAN Resources