The year 2010 witnessed continued growth in the enterprise WiFi deployments. The growth was fueled by the latest 802.11n revision to WiFi technology in the late 2009 and ready availability of WiFi in most consumer electronic devices launched in 2010, including the smart phones, printers, scanners, cameras, tablets, TVs, etc. The year 2010 also witnessed popularity of the specialized WiFi centric devices, such as MiFi.
However, the year 2010 also has some major WiFi security revelations/incidents in its kitty, which re-emphasize the continued need for adoption of the best practices for secure Wi-Fi deployment/usage. Here is the run-down on significant WiFi insecurity events which we witnessed in 2010:
- Windows 7 virtual WiFi can turn a machine into a soft Rogue, which took Rogue AP thinking to a new level beyond the commercially available AP hardware.
- Insecurity exposed due to MiFi like devices after the WiFi malfunction was experienced at two major trade shows in 2010 due to these devices – the first one was Google’s first public demo of Google TV and second was iPhone 4 launch at Apple Worldwide Developers Conference. Though this manifested as performance problem, it did show how easy it had become to set up personal HoneyPot AP or Hotspot AP on enterprise premises. Read more…
Due to the overwhelming attendance and response we got to the recent WPA2 Hole196 webinar, we did not have time to answer all the questions asked during the webinar. In this post, we are keeping our promise and answering those webinar questions.
By the way, the webinar slides and recording from this webinar as well as answers to the frequently asked questions on Hole196 and a white paper are available here.
So here we go!
A cloud-based service called WPA Cracker launched last week promises to crack WPA-PSK (WiFi Protected Access with Pre-Shared Keying) for you starting $17 .
Like any other password-based authentication system, WPA-PSK (and WPA2-PSK) is vulnerable to a “dictionary attack.” This is a brute force technique in which a hacker uses a dictionary or database of commonly used passwords to guess the WPA encryption key. The problem with this approach is that it might take days or weeks to crack even a moderately strong password with a typical PC.
What makes the WPA Cracker service interesting is that it provides you access to huge amount of computing power using a 400-node cluster. The service promises to parse a dictionary of 135 million passwords and email you the results in 20 minutes for $34. If that price tag sounds steep or if you are ready to wait longer, then you can pay $17 to use half the cluster and receive the results by email in 40 minutes.
The service is targeted to ethical hackers that do wireless vulnerability assessment and wireless network penetration testing for a living. But I wonder…what would keep the “unethical” hackers from misusing a cloud-based service like this.
Not every cloud has a silver lining. What do you think?
The recently announced improved version of the original Beck-Tews attack on WPA/TKIP appears to have put the wireless security community in a tizzy again. In this post, I argue that the new attack is neither groundbreaking in academic terms, nor is it more worrying in practical terms.
The proposed attack assumes (somewhat unrealistically) that the AP and client cannot hear each other but the attacker can hear both (and can thus act as a man-in-the-middle). In terms of attack speed as well, it is actually slower than the original attack under its stated assumptions.
What % of WiFi laptop users in your organization are vulnerable to WiFishing attacks? The odds are very high that you don’t have an exact answer.
WiFish Finder is a tool for assessing whether WiFi devices active in the air are vulnerable to ‘Wi-Fishing’ attacks. Assessment is performed through a combination of passive traffic sniffing and active probing techniques. Most WiFi clients keep a memory of networks (SSIDs) they have connected to in the past. Wi-Fish Finder first builds a list of probed networks and then using a set of clever techniques also determines security setting of each probed network. A client is a fishing target if it is actively seeking to connect to an OPEN or a WEP network. Clients only willing to connect to WPA or WPA2 networks are not completely safe either!
To find out why – you’r welcome to try out WiFish Finder a vulnerability assessment tool built by Sohail and Prabhash, members of security research team at AirTight Networks. Sohail is presenting WiFish Finder at DefCon 2009 today. Demo version of this tool (Version 1.0) can be downloaded from http://airtightnetworks.com/fileadmin/downloads/WiFishFinder-v0.1.zip
Sohail is also planning to release WiFish Finder Ver 2.0 with speed, usability and feature enhancements (such as PEAP vulnerability detection) upon his return from Las Vegas. To download full featured version of WiFish Finder and for tips on protecting your laptop from Wi-Fishing attacks, visit http://www.airtightnetworks.com/wifishfinder.This URL will be operational in 4-5 days.
What % of WiFi laptop users in your organization are vulnerable to WiFishing attacks? Well, you only have to wait another 4-5 days to find out the answer!
-*- Pravin -*-
Best practices, Wireless scanning, Wireless security