
Wifi weaknesses still prevalent

by Brian Sims

Google Android, Apple iOS, BlackBerry and Windows Mobile devices have an inherent security weakness in the method they use for connecting to Wi-Fi networks that has the potential for exploitation by skilled cyber-attackers, claims Raul Siles, a SANS Instructor.

The vulnerability depends on how the network is added to the device. It stems from the way mobile devices keep a list of manually configured wireless networks, plus any networks they have previously connected to, on a Preferred Network List (PNL). Every time the Wi-Fi interface is switched on, and on a periodic basis thereafter, the device uses 802.11 probe requests to check which networks on its PNL are available in the current location. Based on the responses obtained, it tries to connect to the most preferred network.

In the past, this network discovery process was performed by sending a generic probe request as an open broadcast plus specific requests for every network in the PNL. This meant devices disclosed the full PNL in the air, exposing themselves to karma-like attacks in which an attacker can identify all the networks (or access points) the mobile device is trying to connect to and impersonate them. These fake networks can trick a victim’s device into connecting to the attacker’s network, which then captures and manipulates its traffic to launch additional advanced attacks.

‘This situation has been known since 2004; Microsoft fixed it for Windows XP in 2007 and recently in Windows Phone devices, but it seems the other mobile device vendors are not as concerned,’ states Siles.

PNL disclosure still applies to the latest Android 4.x versions, and was acknowledged but not fixed since Android 2.x-3.x, dating back to 2011. It is also prevalent when adding Wi-Fi networks manually in iOS 1.x-6.x and in BlackBerry 7.x, although on this platform it can be resolved from the advanced Wi-Fi settings, in particular by enabling the SSID Broadcasted option.

‘In some cases, there are options that can be changed to avoid this issue but on most devices when a Wi-Fi network is added manually it presents the vulnerable behaviour and few users are aware of the security implications’, Siles claims.

He believes that end users, corporate administrators and security professionals using or managing Android, iOS or BlackBerry mobile devices should become more aware of this behaviour and ensure that all the Wi-Fi networks available on the device PNL are treated as visible.

He adds, ‘I need to stress that these types of client attacks are commonly left unchecked, and without consideration the modern smartphone could become the ultimate digital Trojan Horse, allowing attacks to breach ultra-secure locations. The threat grows as individuals start mixing personal and corporate activities, logons, confidential data and applications all on the same device.’

Siles also claims that the lack of attention to Wi-Fi security is not an oversight but intent by Google, Apple, and others to make device operation simpler for users. He says, ‘Unfortunately, a clever and targeted attack can use these simplifications as a staging post for a more damaging assault which traditional detection capabilities would be unlikely to spot.’
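
For administrators who want to check whether managed devices still name their PNL entries in probe requests, the following added example (not from the article or from Siles) parses 802.11 probe request frames and lists, per client, the network names sent in directed probes. It assumes raw 802.11 frames with no radiotap header or FCS; the function names are hypothetical and the sample frames are constructed.

```python
import struct
from collections import defaultdict

MGMT_HDR_LEN = 24      # frame control, duration, three addresses, sequence control
PROBE_REQ_FC0 = 0x40   # version 0, type 0 (management), subtype 4 (probe request)
SSID_ELEMENT_ID = 0

def parse_probe_request(frame: bytes):
    """Return (source_mac, ssid) for a probe request, else None; "" means wildcard."""
    if len(frame) < MGMT_HDR_LEN or frame[0] != PROBE_REQ_FC0:
        return None
    src = ":".join(f"{b:02x}" for b in frame[10:16])   # address 2 = transmitter
    pos = MGMT_HDR_LEN
    while pos + 2 <= len(frame):                        # walk the tagged elements
        elem_id, elem_len = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + elem_len]
        if len(value) < elem_len:
            return None                                 # truncated element
        if elem_id == SSID_ELEMENT_ID:
            if elem_len > 32:
                return None                             # SSIDs are at most 32 bytes
            return src, value.decode("utf-8", errors="replace")
        pos += 2 + elem_len
    return None

def disclosed_networks(frames):
    """Map each probing client to the sorted network names it sent in directed probes."""
    seen = defaultdict(set)
    for frame in frames:
        parsed = parse_probe_request(frame)
        if parsed is None:
            continue
        src, ssid = parsed
        names = seen[src]          # record the client even if it only sent wildcards
        if ssid:
            names.add(ssid)
    return {mac: sorted(names) for mac, names in seen.items()}

def build_probe(src_mac: bytes, ssid: bytes, fc0: int = PROBE_REQ_FC0) -> bytes:
    """Construct a sample frame (no radiotap header, no FCS) for the demo below."""
    hdr = struct.pack("<BBH6s6s6sH", fc0, 0, 0, b"\xff" * 6, src_mac, b"\xff" * 6, 0)
    return hdr + bytes([SSID_ELEMENT_ID, len(ssid)]) + ssid + bytes([1, 2, 0x02, 0x04])

# Constructed sample traffic: device A names its stored networks, device B does not.
DEV_A, DEV_B = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SAMPLE = [build_probe(DEV_A, b""), build_probe(DEV_A, b"CorpWLAN"),
          build_probe(DEV_A, b"HomeNet"), build_probe(DEV_B, b""),
          build_probe(DEV_B, b"NotAProbe", fc0=0x80)]   # beacon subtype, ignored

if __name__ == "__main__":
    for mac, names in disclosed_networks(SAMPLE).items():
        print(mac, "discloses", names or "nothing (wildcard probes only)")
```

A client that appears with an empty list sent only wildcard probes, which is the behaviour expected once its stored networks are treated as visible.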
