Ever think twice about the wisdom of logging on to a wi-fi network when you’re out and about? For millions of Australians, the answer is no.
For many smartphone users, making use of the free wi-fi at the local shopping centre, coffee shop or public facility is an event too unremarkable to mention. Yet, there are significant dangers associated with their doing so, namely the possibility of data and identity theft.
As wi-fi usage continues to burgeon, vendors across the high-tech spectrum need to come together to develop a global wi-fi security standard with real teeth, so users can log on with confidence, whenever and wherever they choose.
Wi-fi, wild west?
It’s free, it’s easy, it’s right there for the using – so what’s the problem? Actually, there are several ways wi-fi networking technology can be subverted by hackers and cyber-criminals keen to get their hands on the data, the credentials and the bank account details of unsuspecting individuals.
They include:
- Using Rogue Access Points to hijack Point of Sales systems and steal credit card details.
- Setting up Evil Twin networks which have similar names to their bona fide equivalents and snaffling the payment details of unsuspecting customers when they’re shopping online.
- Spreading malware that turns mobile devices into Rogue Clients which will infect corporate networks when their owners log on, back at the office.
- Taking advantage of misconfigured access points.
- Intercepting free file sharing services to access documents and files in transition.
- Seeking an “in” to corporate networks by encouraging employees who’ve been blocked from accessing their favourite sites at work to log on to a free service nearby.
“Kinda” protections that don’t work that well
It’s important to note that the wi-fi landscape isn’t the badlands – not completely, anyway. Security standards have been in place for many years and they’ve provided protection of a kind, albeit not sufficient to combat threats effectively in today’s sophisticated and rapidly evolving landscape.
Developed by the Wi-Fi Alliance, the not-for-profit agency charged with promoting the implementation and use of wi-fi technology, the Wired Equivalent Privacy security protocol and its successor, the Wi-fi Protected Access standard, were designed to authenticate users as they joined networks, and to encrypt their data once logged on.
The shortcoming of these protocols is not that they don’t perform these functions – they do. But what they can’t do is prevent devices from connecting to fake networks or networks without adequate security.
That’s been an issue for some time and it’s becoming a bigger one, as the mobile computing revolution sees more Australians logging on, more often, for business and personal reasons, while they’re on the move.
Wireless Intrusion Prevention systems – technologies which provide additional layers of security and seek to prevent devices from joining “evil” networks – can represent a partial answer but they’re not a solution entire.
Getting behind the push for change
What’s needed is a protocol that provides protection against this danger – an industry-wide technology that acts as a barrier between users and the illegitimate networks that seek to inveigle them into logging on, for their own invidious ends.
The Trusted Wireless Environment movement is pushing to develop one. With vendors around the globe working together to make wi-fi networks as secure as their traditional fixed line equivalents, its launch is likely to be a matter of when, not if.
Meantime, it’s incumbent on businesses and users to protect themselves when they’re travelling the wi-fi highways and byways. Failure to do so will see them open themselves and their organisations up to compromise and attack.
Mark Sinclair, ANZ Regional Director, WatchGuard Technologies
