19 November 2020

Wi-Fi is the most popular wireless networking protocol and has existed for more than 20 years. Yet the layer two surface of the seven-layer Open Systems Interconnection model (OSI), where Wi-Fi starts its initial connection sequences, has remained largely undefended from many cyber threats because there are no industry standards or common methods for testing the security efficacy of Wi-Fi access points. It is also because the market has prioritised performance over safety for way too long.

Because shockingly very little cyber security protection exists at layer two, even a rookie hacker armed with tools that cost under £150 tools and one of the many YouTube ‘how-to’ videos, could potentially steal passwords, files, intercept emails, install malware and much more.

But these threats are hardly breaking news and are just the reality of the fundamental nature of Wi-Fi. Just about anyone with an access point, router or smartphone can choose whatever SSID (Service Set Identifier) they’d like to broadcast. In fact, one of the most significant threats is the ‘evil twin’. This is when someone can walk into a building, look at the available Wi-Fi network names and change their smartphone’s name to one of them. By enabling the ‘hotspot’ function this twin can mimic the legitimate Wi-Fi in the building so that laptops, tablets, smartphones and watches automatically connect to it and allow an attacker to intercept online traffic and data.

The other threats at large are:
- Rogue access points, whereby a wireless access point has been physically connected to a secure network without authorisation
- Rogue clients, which are devices that have been detected as connecting to a Rogue AP and are then prevented from connecting back to internal corporate Wi-Fi as the device may have been infected with malware.
- Neighbour access points, or client mis-association, which run the risk of an infection from connecting to other SSIDs while in range of an authorised participant
- Ad hoc networks, which use peer-to-peer connections to evade security controls and risks exposure to malware
- Misconfigured access points which open networks to the risk of attack as a result of configuration errors

The overriding bad news is that your existing Wi-Fi solution is unlikely to be able to block some or any of these threats.

5G versus Wi-Fi – which is more secure?
The problems do not stop at Wi-Fi. Most smartphone users generally assume that cellular data networks are more secure than unknown Wi-Fi and in general this is correct. But, as 5G roll-out starts to progress and gather pace, more and more cellular users connecting via an ever-expanding variety of devices, will be exposed to security threats via a process called Wi-Fi offloading.

Offloading happens when a large portion of cellular traffic is passed on to nearby Wi-Fi networks to cater for huge public demand and is common practice in areas like sports stadiums, shopping malls and airports. At the moment, the amount of 4G traffic which is being offloaded stands at 59%, with Cisco predicting that with 5G this will rise to 71%. This means those connections can be exposed to common Wi-Fi attacks. On top of this, the increase in internet-connected 5G devices is likely to bring a sharp rise in attackers looking to exploit cellular connectivity directly.

Last year, two attacks, Torpedo and Piercer, were disclosed by security researchers. These allowed hackers to intercept calls and track mobile phone locations without users’ knowledge.
Torpedo allowed attackers to exploit a weakness in 4 and 5G paging protocols normally used to notify a phone before an incoming call or text arrives and involved placing and cancelling several calls quickly in a row. Piercer allows attackers to obtain and then decrypt unique International Mobile Subscriber Identity (ISMI) numbers, which link us to our phones. Once this information is known, cellular ‘man in the middle’ tools such can be used to eavesdrop on calls. Researchers said they believe such attacks can be carried out using equipment costing as little as about £150.

Although a security solution that prevents these attacks is technically possible today, this would require cooperation between the companies that make the Wi-Fi infrastructure and those responsible for client devices. If these two joined forces and created a new security standard implemented via software patches on top of existing hardware, it could solve the rampant problem of Wi-Fi hacking, as well as prevent the risk of 5G traffic being offloaded to insecure APs.

The Trusted Wireless Environment - and why we all need it
The time has come for industry cooperation in building Wi-Fi security standards to protect everyone from these threat categories. Research shows people are clear that certain kinds of Wi-Fi may be ‘unsafe’, such as public hotspots, but they lack the knowledge to truly understand the actual scope of the problem and have not been given any realistic advice on how to protect themselves, their business, intellectual property, customers and employees. We are probably all guilty of jumping onto any old Wi-Fi network to check emails or social media.

Businesses should never be forced to compromise security in favour of achieving the level of Wi-Fi performance required to support user connections and client density within their wireless environments. They should also be able to control the network from a single interface regardless of size and complexity and be automatically protected from the six threat categories specified, allowing legitimate APs to operate in the same airspace.

The solution to one of the world’s largest security risks needs to be addressed in the infrastructure - access points, routers and meshes – and end-point devices from phones and watches to tablets and laptops. The burden should not be on the shoulders of the users of Wi-Fi who commonly ignore advice such as using a VPN or avoiding unsecured networks.

Therefore, coordinated efforts between the Wi-Fi technology players and the Trusted Wireless Environment movement aims to add security protection from the six threat categories to the global Wi-Fi standards. The more signatures signing up to this will help the movement partner with businesses, governments, standards and industry bodies and regulators. Only through this movement will we reach a point where we have a wireless environment we can trust, anytime, anyplace, anywhere.

By Ryan Orsi of WatchGuard Technologies