The 2018 FIFA World Cup kicks off in Russia on June 14th, with Saudi Arabia taking on the hosts in Moscow. Approximately 2.5 million tickets are sold for the month-long competition, with 53% of those being in the hands of fans from outside of Russia. After the initial excitement of the World Cup settles, every attendee should be aware of the security risks that will be present. The UK’s National Cyber Security Centre is already warning fans about the danger of connecting to unknown WiFi networks, which may be compromised by cyber criminals who surveil the network’s activity and steal sensitive credentials. With many of the tickets bought by businesses who intend to entertain selected clients and employees, the swift approach of both the World Cup and the remaining summer months presents an issue for corporate cyber security. Not only will organisations have to deal with corporate devices leaving the country during the most popular holiday season of the year, but a mega-popular event such as the World Cup significantly increases the scale of the issue.
Who’s at risk?
Free and public WiFi is fundamentally risky because the service is generally offered by people whose job is not to secure and monitor the network. Public WiFi, we should clarify, refers to a wireless network that is open to customers, guests, or the general public. Password protection doesn’t make things safer, because individuals with nefarious intentions are just as able to access the network with the same password everyone else is using. So, people connect to a network that’s not maintained 24/7 – what’s the worst that can happen? Public WiFi isn’t inherently unsafe in and of itself, but it’s a plentiful breeding ground for malicious cyber attacks such as those dubbed the ‘Man in the Middle’. A Man in the Middle attack is initiated when an unsuspecting victim tries to connect to a public WiFi network, e.g. in a coffee shop, but is tricked into connecting to a rogue access point named “Guest WiFi” or similar. Once connected, they browse the internet and log in somewhere. Depending on the attacker’s motives, fake sites can be shown in place of real ones. So, if the victim browses to Amazon.com and places an order, the Man in the Middle can read the login and financial credentials entered and promptly steal them. These attacks can target both HTTP and HTTPS websites, but it must be said that any communication with a website running HTTP is especially vulnerable as the data communicated is sent in plain text.
Being abroad in the summer months can lead even security-conscious people to connect to unsecured WiFi. This is probably because most people don’t have unlimited data when travelling abroad, so they’re forced to conserve their mobile internet. Naturally, when someone stumbles upon a free and reliable wireless internet connection, their first instinct is to connect. There’s a financial disincentive to continue using one’s mobile data instead of WiFi, so most people are unaware of (or simply disregard) cyber security advice to avoid unknown WiFi networks. The cyber attacker knows that most people will not go through the proper due diligence in verifying the network’s safety and safeguarding their own browsing, so they exploit these mistakes wherever possible.
Employees travelling to relatively unorthodox locations are at risk, again because of their relative desperation for an internet connection. Of course, C-level executives that attend meetings overseas can retire to their at least somewhat luxurious hotel at the end of the day, but what about those that take meetings in more remote parts of the world where these hotels are unavailable? Problems start arising where there is less reliable mobile data, which is more common in remote regions. Desperation kicks in and public WiFi becomes the travelling employee’s wolf in sheep’s clothing.
How are MITM attacks set up?
What may be most troubling about MITM attacks is that they are astonishingly quick and easy to set up. To illustrate this point, we asked one of our interns (who has zero coding experience) to set up and use a WiFi Pineapple on our internal wireless network. After viewing tutorials on YouTube and visiting the manufacturer’s forums, he successfully set up and started using the device. Once operational, several of his colleagues connected to his newly established network, which gave him a complete overview of their devices’ browsing activity. Costing just $100, the Pineapple can trick people into thinking that they are connecting to their desired network, when in reality they are connecting to the Pineapple’s spoofed network.
Interestingly, every single client that connected was a mobile device. This might be down to how the Pineapple takes advantage of mobile devices. The vast majority of mobiles search for wireless networks using a ‘probe request’ – the device sends out a signal that requests all the WiFi networks make themselves known and the network sends back a ‘probe response’, which lets the device know the name and details of the network. This is how your phone can ‘see’ what networks are nearby – and it’s by reading these requests that the Pineapple pretends to be the network that the device is seeking to connect to.
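The probe-response behaviour described above also gives defenders something to look for: one radio answering for many unrelated network names, or an unknown radio advertising your own network name. The Python below is an added example, not code from the original post or from Corrata; the sample observations, the `KNOWN_APS` inventory and the `max_ssids` threshold are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: (BSSID, SSID) pairs as a wireless monitoring sensor might
# record them from probe responses. All addresses and names are made up.
OBSERVED = [
    ("aa:bb:cc:00:00:01", "CorpWiFi"),
    ("aa:bb:cc:00:00:02", "CorpWiFi"),
    ("de:ad:be:ef:00:99", "CorpWiFi"),
    ("de:ad:be:ef:00:99", "Guest WiFi"),
    ("de:ad:be:ef:00:99", "HomeNet-4821"),
    ("de:ad:be:ef:00:99", "Airport_Free"),
    ("11:22:33:44:55:66", "CoffeeShop"),
]

# Assumption: the organisation keeps an inventory of its own access points.
KNOWN_APS = {"CorpWiFi": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}}


def find_suspect_aps(observed, known_aps, max_ssids=2):
    """Return {bssid: [reasons]} for radios that look like a spoofing device.

    max_ssids is a tunable threshold (assumption): some legitimate access
    points serve more than one SSID, so the right value depends on the site.
    """
    ssids_by_bssid = defaultdict(set)
    for bssid, ssid in observed:
        ssids_by_bssid[bssid.lower()].add(ssid)

    findings = {}
    for bssid, ssids in ssids_by_bssid.items():
        reasons = []
        # A radio that answers for whatever name a device asks about ends up
        # advertising many unrelated SSIDs from the same address.
        if len(ssids) > max_ssids:
            reasons.append(f"answers for {len(ssids)} different SSIDs")
        # A protected SSID advertised by a radio missing from the inventory.
        for ssid in sorted(ssids):
            if ssid in known_aps and bssid not in known_aps[ssid]:
                reasons.append(f"unlisted BSSID advertising '{ssid}'")
        if reasons:
            findings[bssid] = reasons
    return findings


if __name__ == "__main__":
    for bssid, reasons in find_suspect_aps(OBSERVED, KNOWN_APS).items():
        print(bssid, "->", "; ".join(reasons))
```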
How do I stay protected?
MITM and other wireless network attacks can be prevented by adapting your behaviour and security solutions. With regard to behaviour, the most powerful prevention is simply to assume that you’re operating in a hostile environment. That means only using online services where you’re sure your traffic is encrypted end-to-end, or using the service only for low-sensitivity work. If you’re unsure about the security of the network to which you’re connected, these rules prevent you from navigating to your online banking portal and giving away your credentials.
When you can’t be sure of the network’s security, you should opt to use cellular data wherever possible. This is especially applicable when communicating work-related materials and information, because mobile data is inherently encrypted. The cost of mobile internet is no longer as substantial as it used to be, and the increased cost of a roaming plan is almost certainly going to work out less than the pain and cost of a cyber attack.
Security measures such as a VPN can negate any threat of interference, and should always be used as a precaution. WiFi hardening is the process of beefing up your network’s security features, and should also be considered. Corrata takes this philosophy and uses it to fortify mobile devices. With Corrata, you can rest assured that your employee safety and organisational security are looked after.
For further reading, check out one of our previous blog posts on this topic.