Last Friday, a vulnerability in Google’s ClientLogin Protocol was disclosed that makes most Android users vulnerable to ”sidejacking.” All services (Calender, Contacts, Picasa, Stock Quotes, etc.) that use the Google’s ClientLogin API for “Auto Sync” are vulnerable.
Sidejacking (aka session hijacking) is not new to Wi-Fi. Firesheep that caused a stir last October is a recent example of a tool demonstrating sidejacking attack against Twitter and Facebook. The latest vulnerability though holds significance given the huge userbase of Android smartphones commonly using their smartphones at Open Wi-Fi hotspots. Read more…
The year 2010 witnessed continued growth in the enterprise WiFi deployments. The growth was fueled by the latest 802.11n revision to WiFi technology in the late 2009 and ready availability of WiFi in most consumer electronic devices launched in 2010, including the smart phones, printers, scanners, cameras, tablets, TVs, etc. The year 2010 also witnessed popularity of the specialized WiFi centric devices, such as MiFi.
However, the year 2010 also has some major WiFi security revelations/incidents in its kitty, which re-emphasize the continued need for adoption of the best practices for secure Wi-Fi deployment/usage. Here is the run-down on significant WiFi insecurity events which we witnessed in 2010:
- Windows 7 virtual WiFi can turn a machine into a soft Rogue, which took Rogue AP thinking to a new level beyond the commercially available AP hardware.
- Insecurity exposed due to MiFi like devices after the WiFi malfunction was experienced at two major trade shows in 2010 due to these devices – the first one was Google’s first public demo of Google TV and second was iPhone 4 launch at Apple Worldwide Developers Conference. Though this manifested as performance problem, it did show how easy it had become to set up personal HoneyPot AP or Hotspot AP on enterprise premises. Read more…
The WiFi snooping row Google has gotten itself into seems to be far from over. In April, Google revealed that its Street View cars had been collecting basic data such as the MAC addresses and SSIDs of WiFi networks in the vicinity. But after German authorities asked Google to audit the data, it admitted to have been “mistakenly” snooping payload data from Open WiFi networks. Apparently, a piece of WiFi data analysis code, written by Google engineers back in 2006, was part of the software used by the Street View cars, in turn leading to the WiFi snooping (of about 600 GB of data across 30 countries!). Read more…
- Security experts warn Wi-Fi users to be more vigilant against hackers
- Experts say it’s difficult to distinguish between legitimate and rogue networks
- Wi-Fi Alliance says spread of Wi-Fi hasn’t led to an ‘epidemic’ of hacking
- Users urged to protect their networks, use VPN for sensitive data
LONDON, England (CNN) — You’re sitting in an airport lounge and seize the chance to check your e-mails before your flight departs. You log on and are tempted by a wireless Internet provider offering free Internet access. So, do you take it?
Security experts warn that hackers may be masquerading as free public Wi-Fi providers to gain access to the laptops of unsuspecting travelers. Read more…
The Department of Telecommunications (DoT), Govt. of India, has set a June 2009 deadline for complying with its regulation on WiFi security. Here’s a position paper that evaluates the DoT regulation and suggests best practices for secure use of WiFi.