The Risk: When Convenience Becomes a Liability

Imagine this: You’ve visited a coffee shop and connected your smartphone to their Wi-Fi network. Your device remembers this network to connect automatically next time. Seems harmless, right? Here’s where the risk creeps in.

Once you tell a device to automatically reconnect to a remembered network in range, your device will continuously send out “probes” or signals looking for that network, typically one to four times a minute and more often when other events can trigger a probe. A threat actor can set up a Wi-Fi access point with a common SSID name, such as “home.” And what if your device is configured to automatically connect to a network you trust named “home?” When your device, say your smartphone or laptop, is within range, it might automatically connect to this rogue Wi-Fi network without your knowledge.

The Trap: A Deceptive Doppelgänger

This rogue network, set up by the threat actor, is a doppelgänger of your trusted network but with nefarious purposes.

Remember: Your device connects to the rogue access point automatically and often without alerting you at all. (see “what about passwords” below). This attack does not need you to make any mistakes to succeed, and it can happen without your knowledge.

Ten common network names threat actors can use that will often lure devices from unsuspecting users to connect include:

• xfinitywifi
• linksys
• Marriott_Guest
• Hyatt
• hhonors
• NETGEAR
• Guest
• dlink
• FreeWifi
• Home

To make it even easier to connect, there are commercially available devices that listen for the SSID name in a probe from an unsuspecting user’s device and then broadcast that name in an effort to capture the device’s connection. In that case, it doesn’t matter how unique your SSID is, an automated device can attempt to establish a connection without your knowledge. If you are technically minded, you can read the section at the bottom of this article for a detailed explanation of how probing works.

Once connected, the attacker can intercept your device’s data. This interception could be called a “Man-in-the-Middle” attack. Thanks to encryption technology, the attacks are more complicated than they used to be, but they are still possible in some circumstances. If the attacker successfully establishes the Man-in-the-Middle connection, imagine sending confidential emails, accessing your company’s financial data, or even logging into your personal banking app, all while an unseen cybercriminal is potentially recording every keystroke and data transfer.

Another serious concern is if threat actors know of undiscovered vulnerabilities that will allow them to hack into your device. This is one of the most important reasons to always apply security updates when they are released and always keep backups for the unlikely scenario of an update causing a problem on your device. Even if you applied all of your security updates, sometimes attackers know of ways to break in that haven’t been discovered by the device’s manufacturer, operating system producer, or app developer yet. Thus, there are no updates written. Bad actors can use tools to scan your device and exploit vulnerabilities quickly. Their ultimate goal would be to take control of, or pwn, your device. This isn’t always easy if you have all your updates in place, but it isn’t impossible either.

The Consequences: A Digital Pandora’s Box

The consequences from attackers successfully tricking your device into connecting to their rogue access point and exploiting vulnerabilities can range from private information exposure to significant breaches:

1. Personal Data Theft: Sensitive personal information can be stolen.
2. Corporate Espionage: Confidential business information could be compromised.
3. Identity Theft: Your digital identity could be used for fraudulent activities.
4. Network Infiltration: Once a device is compromised, it can serve as a gateway to your business’s entire network.

Prevention: Turning Awareness into Action

As executives, instructing your workers to implement security measures is crucial. Here are some actionable steps you can take in the Wi-Fi settings of your laptops, phones, and tablets:

1. Forget Networks: In your device’s Wi-Fi settings, examine the network names identified as “remembered” or “my networks.” Tell your device to ‘forget’ networks by removing them from the ‘my networks’ list, except those you use frequently. Were any of the ten listed above remembered on your device? To establish the unauthorized connection, the threat actor would need to use the name of one of the networks you leave remembered or use the device mentioned above that responds to probes for names your device sends.
2. Avoid a False Sense of Security: If your device has the “Ask to Join Networks” setting, read the fine print. The device will still join known network names without asking. The setting is usually more about asking before joining new or unknown networks, rather than known ones.
3. Turn off Wi-Fi When You Aren’t Using it: To reduce your exposure dramatically, disable Wi-Fi when you are not using it. Your device will stop probing, stop listening for access points broadcasting their name, and won’t connect to any Wi-Fi networks. Some devices have a quick shortcut to turn off Wi-Fi from an easily accessible menu, but they might turn Wi-Fi back on again after a while or when you move to a new location. On those devices, if you go into “Settings” to disable Wi-Fi, it should stay off until you manually change the setting to “on” again.

What about Wireless Passwords?

If the original remembered network you connected to, such as the coffee shop network, had no password, your device would join the network automatically and not alert you. This is a common risk with some remembered networks. You may have noticed that many hotels and some coffee shops and restaurants now require no Wi-Fi password; this is undoubtedly to reduce guest frustration and the number of calls from hotel rooms to the front desk asking for the password. The prevalence of public networks without passwords makes it especially important for you to tell your device to forget networks and be sure to forget the ones with no passwords.

However, if the “remembered” network did have a password, then to get your device to connect automatically without warning you, the threat actor will need to set the same password on the rogue access point. It is simple for an attacker to know the password for coffee shops and other networks that share the password with guests.

Many companies will set passwords on networks and hopefully don’t write the password on dry-erase boards in the meeting room. Even if the passwords are configured at the company, and users do not know the password since the IT Professionals configure their computers, if an attacker is able to access one computer, in-person or remotely, there is a chance they can run a script to find out the wireless password for the company. This is why some companies use enterprise-level Wi-Fi authentication that does not rely on a shared password.  Or, attackers can use social engineering to successfully trick a user into providing the network password. If a user’s device doesn’t detect any anomalies between the rogue access point and the access point it is used to connecting to, the user will not be alerted they are connecting to a rogue access point, and their device will connect automatically.

An exception that might generate an alert is when there is a discrepancy between the security settings of the known network and the one to which the device is trying to connect. An example is when the rogue access point does not have a password, but the remembered network does. In this case, some devices will prompt you: “Are you sure you want to join this network?” The default button, “join,” is preselected. Unless you are on the lookout for this kind of message and know the seriousness, you might click “join” and not think anything of it. Sometimes, the device will connect and not alert the user but will quietly list the word “open” or “insecure” under the network name on the list of networks under settings. Most people do not periodically look at the Wi-Fi settings, so the label often goes unnoticed. Even if a user does notice the label, there is a good chance the attacker already probed for weaknesses and exploited any vulnerabilities they discovered.

However, if you ever see a prompt asking you to re-enter a password, that is a huge red flag, and you need to assess the situation carefully to determine if your device is attempting to connect to a rogue access point with an inaccurate password.

And to be sure you don’t have a false sense of security, remember that devices do not prompt the user if the security settings of the new network match those of the remembered network, and the device will quietly automatically connect even if it’s a rogue access point.

What about a VPN?

A Virtual Private Network (VPN) is a technology that encrypts data as it moves to and from your device. This encryption can prevent attackers from reading your data. However, it’s important to note that a VPN doesn’t protect you from attackers who scan for unpatched vulnerabilities, search for open ports, and exploit weaknesses on your device. Even if you use a VPN, you’re still vulnerable to such attacks. Follow the instructions above to help ensure your online safety.

Final Thoughts: Balancing Convenience with Caution

In today’s fast-paced digital world, convenience often beats caution. However, in the realm of cybersecurity, this trade-off can have dire consequences. As leaders, our role extends beyond making decisions; it includes understanding and mitigating the risks associated with the technology we use every day. Stay safe, stay informed, and lead your organization confidently in this digital age.

Technical Details About the Probing Process

For the more technically minded, here is more information about the probing process. When we say that devices are constantly probing, they are, and the probing might be once every 15 to 60 seconds. The probing frequency can vary, for example, if you put your device in low battery mode.

In addition to devices probing, know that Wi-Fi access points, including rogue access points attackers use, broadcast their network name, a process called beaconing, sometimes as often as ten times every second. The rate of beaconing is usually configurable by your IT Professionals.

If you look at “available networks” in “settings” on your device, you might notice that the list takes a few seconds to build because your device is cycling through multiple Wi-Fi frequencies, listening for the beacons.

An interesting setting not everyone is familiar with on wireless access points is that you can instruct the access point to be “hidden.” If you do, then the access point will not send out beacons. However, hidden networks, while not broadcasting their SSID, will still respond to direct probes that contain their SSID name. So, as soon as your device sends out a probe looking for the remembered hidden network, which it does regularly, as described above, the access point will respond, and your device will connect. Just because a network you “remembered” is hidden at your home or office doesn’t affect a threat actor’s ability to lure your device into connecting to their rogue access point, even if the hacker’s access point is not hidden.

Additionally, to reduce the delay in connecting, your device will send immediate probes in certain circumstances, such as when it wakes from sleep, when you open your laptop’s lid, or if you just disabled airplane mode. Your device will quickly find access points, even rogue ones, especially if they are “remembered.”

A significant benefit to attackers of your device probing periodically, such as every 15 to 60 seconds, is when the attacker doesn’t already know the network names your device has remembered. The attacker tools wait for the probe, then know the name, and the rogue access point automatically claims to have that network’s name. This is a very powerful way for attackers to capture as many unsuspecting users as possible without needing to predict the names of remembered networks.

Subscribe to maximize your executive potential with Foster Institute’s E-Savvy Newsletter, packed with practical IT security solutions and actionable strategies for success: https://fosterinstitute.com/e-savvy-newsletter/

Disclaimer: The information provided in this blog is for general informational purposes only. Technology changes constantly, and some of this information might become obsolete or incorrect. We do not endorse or receive compensation for mentioning products, services, or brand names. Any outbound links provided are for your convenience and to get you started, but we cannot guarantee the security or safety of those external websites. Conducting your research and making an informed decision about any products or services mentioned here is essential. We shall not be held responsible for any actions taken based on the information provided.

The post Outsmarting the Invisible Threat: How Cyber Attackers Hijack Your Wi-Fi Connections and How to Protect Yourself appeared first on Foster Institute.

Faster: Wi-Fi version 6 won’t necessarily speed up your network if you have few wireless devices because it only offers faster speeds when multiple wireless phones, computers, appliances, and other devices connect to the access point. Up to 8 devices can communicate simultaneously with the access points, twice as many as before. The new technology even makes mobile device batteries last longer because Wi-Fi v6 can permit devices to draw less power.

More Secure: The primary security-related feature is mandating a security technology called WPA3. The prior version, WPA2, is more than ten years old and vulnerable to remote password guessing attacks. WPA3 requires an attacker to stay physically close to a network when guessing passwords, and your devices can detect frequent guesses. WPA3 encryption is optional in Wi-Fi v5 but required with Wi-Fi version 6.

Futureproofing and Interoperability: When you buy new devices, they may be so expensive that you don’t replace them for years. The good news is that your old Wi-Fi version 5 devices can work with your new access points, and vice versa, so you don’t need to replace everything immediately. However, over time, replace both to experience all of the benefits of version 6.

Nomenclature: You may have noticed that the Wi-Fi Alliance is ditching the old way of naming wireless technology like 802.11b, 802.11a, etc. Now, they are moving to increase version numbers, starting with Wi-Fi v6. The next version will be v7, then v8, and so on.

Please forward this message to people you know who are buying new Wi-Fi devices so they can seek Wi-Fi v6 certified devices when available. They’ll help futureproof their investment, increase security, and enjoy faster connections in busy environments.

The post When You Buy New Wi-Fi devices, be Sure they Support Wi-Fi Version 6 appeared first on Foster Institute.

The attack can permit attackers to potentially eavesdrop on your network traffic and your communications, change information, delete information, and insert information, all to cause problems and cost you money.

The good news is that the attacker needs to be within range of your Wi-Fi network. They could be some distance away if they use a strong antenna or if they plant a remotely controlled device nearby.

Do two things to mitigate this danger:

First: Apply the new patches that address this issue. That can prevent the attack.

Second: Isolate your wireless network from the rest of your network. That can help reduce the damage.

Related to the first step: Apply the most recent critical security patches, often called firmware updates, to your wireless devices. The company brands of your devices should release patches. Additionally, apply patches to your operating systems and applications that use Wi-Fi networking.

Microsoft released a patch a few days ago, on October 10, as part of the expected second Tuesday of every month patches, that solves this problem on their side of the products. At home, your automatic update should have patched your Windows workstations. But you will still need to patch your wireless access point. At the office, your IT team will need to patch the computers and devices. Please give them time to do so – it can take some time. Information about the attack in general, and some of the patches, can be found at: kb.cert.org/vuls/id/228519 If the manufacturer of your devices does not produce updates, your next step might be to replace the devices with new ones.

For the second step: It is an IT Security best practice to isolate all wireless devices on your network to be away from the wired devices. For years, organizations would add wireless capabilities to their network by connecting wireless access points to the same network as your workstations and servers. That is a very dangerous practice since it can permit wireless devices, perhaps belonging to an attacker in the van outside your building, to access the wired resources on your network. In the case of this specific attack, it makes it easier for the attacker to access the data on the most protected parts of your organization’s network. Isolate all wireless devices on their own, what your IT professionals call a, filtered subnet.

As is often the case with IT Security, this will be a risk vs. expense decision. It is important that the executives of a company make the final decision about whether or not to ask IT to implement the mitigation steps. Your IT Team will appreciate your deciding, and the choice is yours since, if there is a successful cyber-attack, the executives, especially the president, CEO, and owner will suffer the most.

Please forward this to everyone you know who uses wireless networks.

The post Wireless Security is Broken & What You Need to Do appeared first on Foster Institute.

Your iPhone and iPad will prompt you to upgrade to the new iOS 11 soon. Having the most recent version of iOS is one strategy for being secure. Like Google does with the Android OS, Apple focuses on keeping the newest iOS free from security vulnerabilities.

But, with Apple’s new iOS 11, you need to be aware of a feature that might cause you to believe you are safe from Wi-Fi attacks when you are not.

Mobile devices are vulnerable to Wi-Fi attacks, and people who are serious about the security of their phone or tablet choose to turn off Wi-Fi except when they are at their office, home, or somewhere else they know they want to use W-Fi.

In the new iOS, turning off Wi-Fi in the Control Center does not really turn off Wi-Fi. Apple says this is a feature that keeps you from losing connectivity with Wi-Fi devices like an Apple TV or a Pen. But the practice of Apple leaving Wi-Fi on without your knowledge has created some discontent in some of us who want to help you be as secure as you want to be.

If you turn off Wi-Fi in the Control Center, your device will indeed disconnect online connections to Wi-Fi networks, at least temporarily, so it appears to work.

But Apple says that, as soon as the user walks or drives to a new location, the auto-join feature will turn itself back on without notifying or asking the user’s permission. I tried that, turning off Wi-Fi in my Control Center, and then drove a few miles just to see. To my happy surprise, the Wi-Fi did not re-enable. However, a little time later in my office, I noticed that the Wi-Fi had turned itself on again on its own.

Apple also says that auto-join will come on again automatically at 5 am. Sure enough, I turned off Wi-Fi in the Control Center at night, and when I checked the icon in the Control Center at 5:15am, the Wi-Fi was re-enabled.

You can read about this unexpected feature, on Apple’s own website: https://support.apple.com/en-us/HT208086

You will be OK, as long as you know that if you want to turn off Wi-Fi, you have to go to the settings menu and turn Wi-Fi off there.

Please forward this to anyone you know who knows that turning off the Wi-Fi on their phone can increase their safety from attackers. Help them know that the only way to turn off Wi-Fi is to go to settings, not to the easy to reach control center.

The post New iPhone and iPad iOS 11 Can Quietly Override Your Attempt to Be Secure appeared first on Foster Institute.

Gaining access to your account can provide everything from photos stored in your phone, to the passwords of Wi-Fi access points to which you’ve connected to in the past. That is very concerning.

When attackers know your browsing history, your email messages, your past search terms and the links you’ve clicked, they can use that information to perform very effective attacks tailored to trick you and the members in your company. With knowledge of your passwords, they can wreak all kinds of havoc.

Go get an idea of the kind of data that is stored in the cloud and is potentially accessible to attackers who use the right tools, see google dot com /policies/privacy/

Additionally, there are tools available, such as cloud explorer, that make it easy for even non-technical attackers to conveniently gain access to the sensitive information stored in your phone.

Please forward this to whomever is concerned about their mobile device’s security.

The post Attackers Can Hack Your Phone Without Having Your Phone appeared first on Foster Institute.

When you connect to a network that isn’t under your control, someone else on the guest network could capture your data and even hack your computer. Your IT Pros can take steps to reduce the risks, but it is best not to connect.

So, how do you work remotely?  Most phones these days permit you to connect your laptop through the phone to use the Internet. This functionality is often referred to as making a personal hot-spot. There are even devices that provide the 4G connectivity without using your phone.

Call your mobile phone service provider and ask how much of your data plan you use now. You might be pleasantly surprised that, especially using email and browsing the web, using your phone as a personal hot spot will be less expensive than you might think.

And a side benefit to connecting your laptop to the Internet through your phone:  the speeds may be faster too.

Please share this with everyone you care about who might be tempted to connect to a public wireless network.

The post Avoid Public Wireless Networks and Hot Spots appeared first on Foster Institute.

Most executives do not realize that using public Wi-Fi can be very dangerous.

Rather than terrify you with all of the cyber-security risks companies face, because the Sony breach is doing that. Here is a better solution for wireless access: Use the data-sharing function of your phone.

Most phones these days permit you to connect your laptop through the phone to use the Internet. The connection speeds are usually very fast, and unless you are watching movies, the amount of data you consume may be less than you think.

Wishing you a cyber-safe holiday season!

The post Cyber-Safe Holiday Travels appeared first on Foster Institute.