Wi-Fi Insecurity Wrap-up for 2010
The year 2010 witnessed continued growth in the enterprise WiFi deployments. The growth was fueled by the latest 802.11n revision to WiFi technology in the late 2009 and ready availability of WiFi in most consumer electronic devices launched in 2010, including the smart phones, printers, scanners, cameras, tablets, TVs, etc. The year 2010 also witnessed popularity of the specialized WiFi centric devices, such as MiFi.
However, the year 2010 also has some major WiFi security revelations/incidents in its kitty, which re-emphasize the continued need for adoption of the best practices for secure Wi-Fi deployment/usage. Here is the run-down on significant WiFi insecurity events which we witnessed in 2010:
- Windows 7 virtual WiFi can turn a machine into a soft Rogue, which took Rogue AP thinking to a new level beyond the commercially available AP hardware.
- Insecurity exposed due to MiFi like devices after the WiFi malfunction was experienced at two major trade shows in 2010 due to these devices – the first one was Google’s first public demo of Google TV and second was iPhone 4 launch at Apple Worldwide Developers Conference. Though this manifested as performance problem, it did show how easy it had become to set up personal HoneyPot AP or Hotspot AP on enterprise premises.
- Google’s WiFi snooping controversy made headlines for collecting data from unsecured WiFi networks and served as reminder to properly secure home and office WiFi networks.
- Insecurity exposed due to private adhoc mode WiFi networks after these were used by the Russian spies in the US for data transfer.
- Fake WiFi networks can steal data from smartphones in cases where the phone is not told to forget an insecure WiFi network such as hotspot WiFi after using it.
- Hole196 uncovered for WPA2 WiFi networks capable of launching an insider attack even on the most secure WiFi configuration known today, which is WPA2 (AES encrypted) with 802.1x authentication.
- WiFi hacking made easy with Firesheep, a Firefox extension released by software freelancer Eric Butler to demonstrate the security negligence of popular social networking websites and vulnerability of public WiFi networks.
- Terrorists hacked an insecure residential WiFi network in India to send terror e-mails after bomb blasts.
- Minnesota man hacked neighbor’s WiFi to send a threatening e-mail to Vice President of the United States, Joe Biden.
- Smartphone can act as WiFi attacker due to high end capabilities built into the upcoming smartphones, which was demonstrated at CSI 2010.
- Increased consumerization of WiFi enabled devices, most importantly Smart Phones, raising new security concerns for IT administrators.
To know more about these happenings, refer to my NetworkWorld article “WiFi Vulnerabilities: Advances and incidents in 2010”.