‘’The era of wireless connectivity is ON! ’’
The world is growing at an enormous pace, technology is at the forefront and ushering the world into the new age of wireless devices surrounding us. The Internet is the medium that connects the whole world together. The 4.57 billion people on the planet Earth use the internet for a variety of different tasks i.e that’s almost 60% of the world total population.
Most of this population use a wireless device to access the internet like a smartphone, tablet or a laptop. According to the latest estimates from the International Telecommunication Union, there are 3.5 billion people who use a smartphone to use the internet and there are additional 7 billion IoT (Internet of Things) devices that are connected to the internet and with a major portion being wireless devices. This is a huge number of wireless devices that are connected to the internet. With these many gadgets around with a wireless connection, security becomes a major factor. The number of devices is expected to grow at an alarming rate with an expected 40 billion devices connected to the internet by 2021.
According to a Cisco study, there were around 169 million public wifi hotspots at the end of 2018 and they are expected to grow by up to 4 times bringing the number to a mind-boggling 628 million public wifi hotspots by the year 2023 i.e in 3 years time, this is excluding all the private home networks. The security on the wireless communication between the devices and the home routers/public wifi hotspots is governed by wireless security protocols regulated by Wi-Fi alliance.
History of Wireless Security Protocols
Protocol is nothing but a standard set of rules used to achieve an objective. These wireless security protocols that were introduced by the IEEE in the year 1999, the first protocol was introduced to secure the wireless communication between an access point(router) and the wireless devices.
WEP
As WEP was approved as a security algorithm by IEEE. It was created in order to give a security equivalent to the existing Wired LAN network hence the name Wired Equivalent Privacy (WEP). For 6 years till the introduction of WPA in 2003 this was the preferred security protocol for wireless networks. But this security standard was broken as early as 2001 showing how weak the encryption used in the protocol was.
The issue with WEP was it used a weak encryption algorithm called RC4, which had a small key size and attackers were able to guess a part of the key, which helped them to intercept and decrypt the communication taking place between the device and the router.
WPA
WPA (Wi-Fi Protected Access) was ratified by Wi-Fi alliance in the year 2003 as a direct response and replacement to the increasingly apparent shortcomings of the WEP standard. It was adopted a year before the WEP was officially retired in 2004. As WPA was built on WEP, it had the same shortcomings as the WEP and was almost equally vulnerable to the attacks as its predecessor.
WPA2
WPA2 (Wi-Fi Protected Access 2) was ratified by Wi-Fi Alliance in 2004, a year after WPA was introduced to the market, WPA was meant to be an interim solution to the drawbacks of WEP until WPA2 was rolled out to the world. This is more robust and more secure than the previous two protocols as the creators had decided to use AES encryption, which is a very strong encryption algorithm.
WPA3
WPA3 (Wi-Fi Protected Access 3) was ratified by Wi-Fi Alliance in 2018, a long overdue update from the WPA2 which was introduced in 2004, almost 14 years later. This is the third iteration of a security protocol which is designed and maintained by Wi-Fi Alliance. This is touted as the most secure of all the wireless protocols. It will still be a few years before this is widely used everywhere as this is not backwards compatible, meaning the current devices can not use the WPA3 protocol. Major router manufacturing companies like Cisco, Tp-link etc are coming up with new routers which support the WPA3 protocol.
The most common Wireless Network Attacks
Rogue Access point
An attacker can set up a fake Wi-Fi access point and lure people to it and then intercept the communication. One of the most common ways is to set up an access point in the airport or a coffee shop mimicking the same name used by the legitimate access point. People unaware of the fake access point will connect to it and browse the internet in a normal way but everything on the network is monitored by the attacker and he might be able to steal sensitive information.
Jamming
It is another name for the network interference, the aim is to disrupt the network and stop from any devices communicating on that particular wireless network. Jammers are radio devices which emit signals in a particular frequency so as to block the communication.
Packet sniffing
Attackers can take advantage of the fact that quite a few public wifi hotspots are set up poorly with security not the main concern. In a 2016 study by Kaspersky, they found that 25% of public Wi-Fi hotspots installed at malls lacked basic security controls. An attacker can set up a packet sniffer, a software which collects the data being exchanged in that network.
It is very important for an organisation to keep in mind these things when setting up their office network. A small negligence can lead to compromising the network and in turn harmful for the organisation.
As technology advances the need for a robust network with safe and latest encryption settings are a part of your safe cyber environment in your residence and as well as your organisation.
If your system is compromised or if you would like to be prepared you can contact us at info@rootfloe.com for a free consultation.
Shreyas is an Intern at Rootfloe and holds Masters degrees in Information Security from Royal Holloway University of London and Computer Networks from BMSCE Bengaluru.