
Be aware of wireless threats

Mike Mullins

Published: 21 Oct 2005 16:15 BST


Wireless access has become much more feasible in recent years, but that doesn't mean that security has kept up with its progress. Sure, you may be able to connect to a wireless access point from your local Starbucks and read your email while sipping a cup of coffee — but who else is out there enjoying the recent email instalment from your sister's vacation or perusing your latest bank statement?

To remain protected against such black hats, you need to stay on top of the latest wireless security threats — and make sure your users do the same. For example, most security professionals are aware of the man-in-the-middle attack, which occurs when a black hat is able to read, insert, and modify messages between two machines without either party knowing that someone has compromised the link between them.

This type of attack has somewhat faded due to physical security and the complexity of the current switched networks that usually reside between the two end points. But make no mistake: This type of attack is not obsolete.

The threat
In fact, a relatively new wireless tool is helping revive the man-in-the-middle attack. AirPwn, which debuted at DEFCON 12 in July 2004, requires two 802.11b network interface cards — one for listening and the other for injecting. It is currently only available for POSIX operating systems (i.e., Linux, BSD, and other Unix flavours).

Using this tool on an open wireless network can yield a couple of different results, and neither is good news for the user. Let's look at the possibilities:

  • AirPwn can completely capture an entire wireless session. If a user logs on to check email and isn't working over an SSL connection, someone else can read everything he or she does while online. This includes capturing session tokens and hijacking a session after the user has logged in.
  • AirPwn can inject and redirect traffic to another machine. If a user browses to a Web site, a black hat can use AirPwn to inject content from a different location to the user's browser. This content could include anything from text and pictures to harmful code that could compromise the machine.

The defence
AirPwn is a plague to the open wireless networks that exist all over the world. This is one more reason to teach users that they can't expect privacy while using a public network.

It's imperative that users understand the risks of using public access. In addition, they can increase their level of data protection by following one simple rule:

Limit the type of transactions conducted when connected to a public network.

When you leave your home or corporate network and connect to an open wireless network, your expectation of privacy and security should drop dramatically. There is no such thing as a trusted open network.

If you didn't configure the network and you can't identify everyone connected to the network, that means it's an open network. Remember that whenever you use an open network, someone could be listening and manipulating the information you see and send to others. If you have to log on to a site from an open wireless connection, make sure you use an encrypted connection.
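
The rule above, as an added example that is not part of the original article: a Python check of one HTTP response for the things the article says a listener on an open network can capture, namely pages, session cookies and logins that do not travel over an encrypted connection. The function and class names, the host and the sample response are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: a webmail login page served without SSL.
SAMPLE_URL = "http://mail.example.test/login"
SAMPLE_HEADERS = [("Set-Cookie", "SESSIONID=abc123; Path=/; HttpOnly")]
SAMPLE_BODY = ('<form action="/auth" method="post"><input name="user">'
               '<input type="password" name="pass"></form>')


class LoginFormFinder(HTMLParser):
    """Collect the action of every <form> that contains a password field."""
    def __init__(self):
        super().__init__()
        self.actions = []     # actions of forms holding a password input
        self.current = None   # action of the form being parsed, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.current = attrs.get("action") or ""
        elif tag == "input" and self.current is not None:
            if (attrs.get("type") or "").lower() == "password":
                self.actions.append(self.current)
                self.current = None  # report each form once

    def handle_endtag(self, tag):
        if tag == "form":
            self.current = None


def audit_response(url, headers, body):
    """List what a listener on the same open network could read or alter."""
    findings = []
    if urlsplit(url).scheme != "https":
        findings.append("page fetched in cleartext")
    for name, value in headers:
        parts = [p.strip() for p in value.split(";")]
        flags = {p.split("=", 1)[0].lower() for p in parts[1:]}
        # Without Secure, the browser also sends the cookie over plain HTTP.
        if name.lower() == "set-cookie" and "secure" not in flags:
            findings.append("cookie %s lacks Secure" % parts[0].split("=", 1)[0])
    finder = LoginFormFinder()
    finder.feed(body)
    for action in finder.actions:
        target = urljoin(url, action)  # empty action posts back to the page URL
        if urlsplit(target).scheme != "https":
            findings.append("password form posts to " + target)
    return findings
```

An empty result means the page, its cookies and its login form all stay on an encrypted connection; any finding is something to avoid doing from a public hotspot.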

Final thoughts
It's important that security professionals remain aware of and knowledgeable about the tools the enemy has available. Just as vital is sharing this information with users and educating them about defending themselves.

I recommend visiting black hat sites and seeing what types of tools they have to use against you. The bad guys are certainly watching you — it's time you started watching them. Then, pass on that knowledge to the people you support.

Mike Mullins has served as an assistant network administrator and a network security administrator for the US Secret Service and the Defense Information Systems Agency. He is currently the director of operations for the Southern Theater Network Operations and Security Centre.
