How easy is it to be caught out by WiFi phishing?

A typical phishing attack could begin with a legitimate-looking email. You think the link is taking you to a known destination. Instead it leads you to a malicious site where you enter data that is important, such as your bank details, a password or worse, you told them what you did last summer! If this sounds like something you’ve done, you may have been phished!

Today phishing attacks can be hard to avoid, and even the most computer savvy user can be left questioning themselves. Sites offering simplified user journeys to login that are very convenient for users on legitimate sites, but what happens when you click “Log in with social” on a criminal’s website?

Don’t think phishing is limited to emails either. WiFi phishing stakes are just as high as users can be duped into thinking they are somewhere they are not. The user ends up entering all precious private data to the criminal.

The Rogue AP

A rogue access point is not an AP with light sabers for antennas. A rogue AP is one that has been installed on a network without the approval of IT. This could be entirely innocent with no malice intent, such as a user trying to extend the Wi-Fi coverage in the office, but how would you know for sure that the installer doesn’t in fact have ulterior motives.

The Evil twin

This one has nothing to do with Ash’s evil twin from the Army of Darkness. The “evil twin” access point is the name given to a variety of rogue access points that attackers use for nefarious purposes. Every evil twin is a rogue AP, but not every rogue AP is an evil twin. As the name suggest, the evil twin is evil by design, it impersonates an access point on the network with intent to help attackers compromise the network and data. As with many cyber-attacks, user behaviour makes this a real threat.

How do users associate with evil twins?

Users can be tricked into associating with an evil twin without knowledge of the transfer. If this happens to you, it is doubtful you would off even been aware until HR pulls you into a meeting room for a quick discussion about a data breach incident traced back to your user credentials. Typically the evil twin will ask the unknowing victim to enter their pre-shared key into a not-so-friendly fake portal. That’s right, the fake portal asked for your pre-shared key credentials and there was no reason for you to doubt its legitimate intent to enable you back onto the network. The real world problem of such an attack... you have handed over the front door key to your Wi-Fi network.

Where Wi-Fi phishing meets digital identity

WiFi phishing can be used to compromise digital identity. What happens when the attacker requests the user (a.k.a you) to enter single sign-on credentials? A world of opportunity is now presented to the attacker to freely access cloud-based file systems, access email accounts and even compromise your CRM system. Worries of negative press, GDPR violations and more come to mind... They should be on your mind too! Hackers who have obtain the credentials to access areas of your business could become a massive and costly data breach.

As a savvy IT user, you might think the example mentioned is unlikely to happen in the real world, that no one is that stupid to fall for an evil twin and that the likelihood of it happening to you is so slim you need not worry. I’m here to say it does happen, and not all users on your network are as “clued” up as you are reading this article right now and attackers pray on the naivety of users. So why make their life any easier?

The AP doesn’t even need to impersonate a legitimate access point to get a user to compromise his digital identity. Have you ever logged into a public Wi-Fi source and given doubt to its legitimacy?

How can you combat WiFi phishing, evil twins and other rogue APs?

As with any problem, there is normally a resolution. The first line of defence is the introduction of a wireless intrusion detection and prevention (WIPS/WIDS) system to your network.

Steps to avoid SSID proliferation can be taken which will make it easier to spot rogues in your environment. We would be happy to show you this feature within Ruckus Networks SmartZone. Many networks become cluttered with SSIDs, it's pretty common place. Best practice: don’t do this. Employ a system for centrally defining and managing policies for network access such as that offered by the Cloudpath solution from Ruckus Networks.

Taking steps to offer a reliable and seamless source of connectivity, you can make it less likely a user will seek out a malicious access point. Digital certificates, as the basis for network authentication, can help here. A certificate on the users device can also protect against devices connecting to evil twin APs when being spoofed.

We advocate the Ruckus Cloudpath Enrolment System as a great solution to roll out digital certificates for your users. We have successfully deployed it into dozens of high-profile companies across the UK. It equally addresses the security shortcomings of default methods of authentication that you may likely be using now by removing the need for a PSK.

If there is no PSK to divulge, there is also no risk to one being shared. Authentication based upon digital certificates removes the need for conventional PSKs as a mechanism for network access.

Alternatively if an enrolment solution like Cloudpath is in your opinion “overkill” another option is to use dynamic pre-shared keys, which are unique to each user. Guests typically get internet access only, with no access to sensitive internal resources and would be a typical case for using DPSK.

Last, but not least, avoidance by education is king. The more informed users are, the more savvy they are to avoid falling for such attacks and being socially engineeered.

Take measures to educate stakeholders to be careful about what WiFi sources they connect to and what information they enter when they do.

We provide a suite of professional services and cloud offering services for organisations looking to improve their networks performance, security or integrate a new network.

Don't forget, it's time to tighten up your WiFi networks security!