Evil twins! Man-in-the-middle attacks! Sniffers, monkey-jacks, and airsnarf!
There’s a lot more lurking in that café hotspot than extra calories from a decaf macchiato with a double pump of hazelnut.
More businesses than ever before are un-tethering their staff to work from the road. The problem is that “the road” is typically a very public, very vulnerable place from which to access the company’s very private, very proprietary network.
According to JiWire, a mobile ad networking company that tracks Wi-Fi trends and information, there are more than 50,000 so-called public hotspots in the United States and more than 140,000 worldwide. Hotspots are typically located at places like cafes, airport waiting areas and hotels, and offer paid or free Internet access to people on the go.
If your employees are counted among the many that drop in to log in, then taking precautions to safeguard company data needs to be a priority. “It’s potentially a big hole in your network,” says Todd Carter, author of The Wireless All-in-One Desk Reference for Dummies. Carter advises mobile workers to be protected from the moment they log in using either the company virtual private network (VPN) or some sort of encryption software. “Bottom line: encrypt everything,” says Carter.
“A secure sockets layer (SSL) VPN is ideal because it’s encrypted,” agrees Mark Tauschek, a senior research analyst from InfoTech based in London, Ontario. “You must mandate VPN usage for all employees. Just tell them if they’re going to log on from a public hotspot, they must log onto the company VPN first. There are literally hundreds of kinds of attacks launched against hotspot users.”
Here’s a roundup of the most popular methods of attack and the best way to protect your business.
Evil twin (similar to airsnarf)
“It’s become one of the most frequent kinds of attacks in this area. It’s typically launched from someone on a laptop as close as the table next to you or as far away as the apartment across the street,” says Tauschek.
- What happens: A user tries to log in and finds two access points. One is legitimate, while the other is an identical fake (evil twin). The unsuspecting user picks one. If it’s the fake, the hacker gets login information and access to the computer. In the meantime, the user goes nowhere. He or she probably thinks it was just a login attempt that randomly failed.
- Best prevention: Check with the hotspot manager and make sure they use what is called a wireless intrusion protection system (WIPS). WIPS are more strongly associated with use at the enterprise level, but many hotspots have now adopted them.
This is why you need to log on using the company VPN or use encryption software.
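A simplified version of the kind of check a WIPS or a cautious user can run against a Wi-Fi scan to spot a possible evil twin. This is an added example, not part of the original article; the scan rows, the network names and the `KNOWN_APS` allowlist are constructed for illustration.

```python
# Added example: flag possible evil twins in a list of Wi-Fi scan results.
from collections import defaultdict

# Hypothetical allowlist: SSID -> BSSIDs confirmed by the hotspot operator.
KNOWN_APS = {"CafeWiFi": {"00:11:22:33:44:55"}}

# Constructed scan results: (ssid, bssid, security)
SCAN = [
    ("CafeWiFi", "00:11:22:33:44:55", "WPA2"),
    ("CafeWiFi", "02:aa:bb:cc:dd:ee", "OPEN"),
    ("HotelGuest", "00:aa:11:bb:22:cc", "OPEN"),
]

def find_evil_twin_suspects(scan, known_aps):
    """Return (ssid, bssid, reasons) for each access point that looks suspicious."""
    by_ssid = defaultdict(list)
    for ssid, bssid, security in scan:
        by_ssid[ssid].append((bssid.lower(), security))

    suspects = []
    for ssid, aps in by_ssid.items():
        allowed = {b.lower() for b in known_aps.get(ssid, set())}
        securities = {sec for _, sec in aps}
        for bssid, security in aps:
            reasons = []
            # Same network name, but a radio the operator never confirmed.
            if allowed and bssid not in allowed:
                reasons.append("BSSID not on allowlist")
            # A twin often drops encryption so anyone can join it.
            if len(securities) > 1 and security == "OPEN":
                reasons.append("open network sharing a name with a protected one")
            if reasons:
                suspects.append((ssid, bssid, reasons))
    return suspects

if __name__ == "__main__":
    for ssid, bssid, reasons in find_evil_twin_suspects(SCAN, KNOWN_APS):
        print(f"{ssid} {bssid}: {'; '.join(reasons)}")
```

Large venues legitimately broadcast one network name from several radios, which is why the check relies on an operator-confirmed allowlist rather than treating every duplicate name as an attack.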
The hacker eavesdrops on traffic coming and going while cherry picking any information that may seem valuable.
- What happens: The “man-in-the-middle” that launches the attack is called a sniffer. A sniffer is a type of hacker that quietly intercepts information en route for the purpose of identity theft or to spoof the user’s MAC address or IP address, in the case of a PC user. Sniffing software is easy to come by, with some brands even offering it as a free download. “Packet capturing products are legitimately used by IT departments all the time. But in the hands of a hacker, it’s a handy little tool to wreak havoc with,” says Tauschek.
- Best prevention: Any solution that encrypts should do the trick, whether it’s the company VPN, a WIPS-protected hotspot or encryption software on the laptop. If you are attacked, there’s no way to track down the “sniffer” because it’s a passive act and therefore doesn’t leave a trail.
Denial of service
With this kind of attack, it’s not the company data that’s at risk. Typically, it’s the user’s patience.
- What happens: A hacker stakes out the area from a nearby location with a high-gain amplifier, drowning out the legitimate access point. Users simply can’t get through to log in, or they are knocked off their connections by the overpowering nearby signal. A monkey jack, for example, is one kind of DoS attack designed specifically to boot everyone off the network or access point to gain sole temporary control.
- Best prevention: Leave. This is one of those times that neither a VPN nor WIPS can help. “It’s what I call a layer one attack. Nothing is really compromised, except your convenience,” says Tauschek.
Of course, the greatest security risk for road warriors doesn’t come from online hackers. It usually comes from a lapse in vigilance resulting in a lost or stolen laptop or other mobile device. Employees also need to be reminded to beware of curious onlookers as they work with sensitive files in public. An open notebook left unattended while waiting for that macchiato could prove to be the most devastating security breach of all for the home office.