Business & Technology

Is Wireless Technology Secure?

By Fortinet | July 11, 2018

Wireless technology has become so integrated into our personal and professional lives, today, that we can’t imagine life without it. Businesses rely heavily on it to conduct their operations, mobile network providers use it to transfer voice and data over great distances, and it provides the average user with Internet access at all times whilst on the go.

However, while we all take wireless access for granted, are we aware of the security risks when using it?

In this blog, we speak to John Battam, who is the Consulting Systems Engineer at Fortinet Australia and is focused on Fortinet’s wireless business across the Asia-Pacific region. John specialises in the delivery of wireless solutions, and as the demand for wireless infrastructures continues, his role is to develop new approaches to ensure that it can meet the demands of tomorrow.

How has Wireless grown and evolved over the years?

From a Wireless network perspective, 802.11 (Wi-Fi) has grown from a technology often scoffed at by industry leaders in the late nineties as something that will never take off. However, today it is now the primary connectivity method for almost all devices connecting at the edge of all modern home, mid-market and enterprise networks. It’s been an amazing evolution, as it has created the world without wires that we enjoy today.

Why has the digital security of wireless been generally overlooked?

In general, wireless standards don’t account for a high level of security. While there are more secure encryption methods today, many weaker versions such as WPA and WEP are still being used internationally. This is mainly because certain older devices don’t support the newer methods that are far more secure.

Take WPA2-PSK (Wi-Fi Protected Access 2 - Pre-Shared Key), which uses CCMP/AES – this is a 128bit encryption process and is very secure. However, even with this better system, everyone is sharing the same Pre-Shared Key (PSK), which opens other doors to vulnerabilities.

A PSK is a security mechanism used to authenticate and validate users on a wireless connection. So, despite the raised levels of encryption, if everyone uses the same PSK, and one device is breached, they all could be vulnerable.

For example, when someone leaves a business, if you don’t update your PSK (which many businesses fail to do) then you have left the door open for a potential revenge attack.

The same can happen when the PSK is the same for all devices. A user who knows the PSK can capture the 4-Way handshake that occurs when wireless device is connecting and use this to look at anyone else’s data going over the air on the same wireless network. The 4-Way handshake becomes somewhat easy to capture if the wireless network is vulnerable to de-authentication attacks. Which unfortunately most are because the method to prevent this from occurring, protected management frames (PMF), is not supported by many wireless devices.

What wireless security issues can result in a breach of confidential data and how can an individual or business avoid this occuring?

The range of security issues is significant.

Firstly, many businesses still deploy their wireless networks using weak or obsolete encryption methods such as WEP/WPA-TKIP due to backward compatibility with older devices. These methods are relatively easy to compromise, and even worse, if you use them your WiFi network will take a significant performance hit, with a max data rate of 54Mbps.

Secondly, as previously mentioned, using a single PSK for all devices can leave your devices exposed to an internal attack. This means that someone can set up an Access Point (AP) that is broadcasting the same wireless network name (‘SSID’) as another trusted source, which creates what is known as a virtual honeypot or fake AP. You may think you are connecting to, say, the airport’s wireless network, or McDonald’s free wireless, when in fact you’re connecting to a third party pretending to be that wireless network. The best defense against this is to utilise wireless intrusion detection tools (WIDS) which come built into most enterprise grade wireless platforms.

Most free WiFi networks are Open, hence no encryption of traffic is performed. Therefore, anyone using an air packet capturing tool can view and see all of your unencrypted data, such as accessing websites starting with HTTP where no encryption is used (as opposed to HTTPS). If you are using an open network it’s recommended to use a secure access method such as a SSL-VPN to protect against eaves-droppers.

Finally, it’s also important to note that just because your business might be using WPA2-Enteprise security methods that these can also potential be vunerable to dictionary style and/or man in the middle attack. Authentication methods such as PEAP/EAP-TTLS based authentication whilst are highly secure, if the business has weak password policies or the password policy is overly complex (resulting in the user writing it down and sticking it on their monitor for all to see) could result in a third party accessing the wireless network and more.

Further to this If insecure authentication methods are used such as LEAP/MD5 where the password is sent via clear text or in an easily decrytible hash this also leaves the door open for a potential breach to occur.

The best countermeasure to these attacks is to use certificate based authentication methods, which removes the human password factor and to enforce the client to validate the certificate during the authentication phase.

Australia is generally considered to be at the forefront of this technology, given our geographical distance and the need to rely more heavily on it—are we leading in WiFi security as well?

It is well known that the Australian CSIRO and electrical engineer, John O’Sullivan, is credited as the inventor of WiFi as we know it. But while we use this technology heavily in our day-to-day lives, from long reach point-to-point communications networks to checking our bank balances, I don’t believe we are leading the way in security on this front.

Instead, the main research into wireless security is happening in places such as China and India, which is where much of the current development for the 802.11 standard and security methods now occurs.

What should we be doing to educate the general public about the risks?

I’m not sure this is possible. The only way to reach a mass audience is via marketing. Unfortunately, many marketing models create misunderstanding for the general public, because while they explain broad concepts around how wireless security works, they also unfortunately often contain a lot of arcane information that only work for a specific case use and are often not easy for the general public to implement.

While we can teach technical staff best security practises around wireless networking and hope they pass this knowledge on, the best method would be to resolve the risks via new wireless security methods. For example, with the introduction of WPA3 and Enhanced Open security methods, many improvements have been made to increase wireless security without end-user interaction.

How would you recommend businesses address these issues in the short and long-term?

This really needs to happen from the top down.

Implementing the best wireless security methods is often not easy. However, training internal IT staff with the relevant knowledge and skills via Industry training courses, such as CWNP (Certified Wireless Network Professionals), is probably still the best solution for businesses looking to work with 802.11 wireless networks. These courses provide an in-depth understanding of the fundamentals combined with best practises to use when implementing wireless networks, especially when it comes to choosing the best security methods.

If a business doesn’t have sufficiently qualified IT staff, they should reach out to industry professionals for assistance and not just assume that because they know how to set up their home wireless router they can set up a business or enterprise-grade network.

What’s next for wireless?

The next real steps in the wireless space are founded by what the new 802.11ax standard, WPA3 and Enhanced Open security methods are bringing to the table.

802.11ax is designed to address many common issues with wireless networks, ultimately improving efficiency and throughput using methods such as BSS Colouring and a multi-user version of the OFDM (modulation scheme) being OFDMA, which is a technology currently used in 4G/LTE mobile networks. This will improve the user experience and further embed Wi-Fi as the primary network access medium.

From a security standpoint the introduction of WPA3—the successor to WPA2, will disallow outdated legacy protocols, require use of Protected Management Frames (in order to prevent de-authentication attacks) and add features to both the personal and enterprise authentication methods to further enhance wireless .

WPA3-Personal will include a secure key establishment protocol between devices, the Simultaneous Authentication of Equals (SAE), this will provide stronger protections for users against the use of weak password and password guessing attempts by third parties.

WPA3-Enterprise will introduce stronger encryption methods with a 192-bit security suite.

We will also see a new “Enhanced Open” feature which allows supported devices to be able to dynamically setup encryption over the air even on an open network. This is based on opportunitics wireless encryption (OWE) that was initially planned to be part of WPA3.

It is however likely that there might be certain features that won’t be available in the initial release, let’s call it “802.11ax Wave 1,” so we might not see some of these features released until “802.11ax Wave 2”.

How does Fortinet help businesses get the most out of their wireless?

Fortinet is adding a whole new layer of security using our advanced threat protection automation capabilities, which act as a layer of Artificial Intelligence for your wireless network.

Fortinet’s wireless networks are capable of detecting when a wirelessly connected client is compromised (i.e. malicious websites have been accessed) and then taking a defined set of actions, such as blocking or quarantining the client’s IP and/or MAC address, or even sending an email to someone who can take action to resolve the issue.

A message can also be displayed on the user’s device via their web browser explaining that their device has been compromised and is now quarantined. Yet, the quarantined device will still be able to access sites such as their antivirus vendor in order to remediate the issue. This functionality is unique to Fortinet.

We also offer a means to protect IoT devices. Using our Multiple Pre-Shared Key feature (MPSK), we are able to provide each and every device or user with their own passphrase to access the wireless network. To date, we support 16,000 individual PSKs per wireless controller, which is far more than any other vendor currently offers.

 

For more reading, our paper on "Covering the Gaps in IoT Security” provides details on the security risks of IoT and what organizations can do to address them.

Join the Discussion