Back to Top

Essential wireless security issues


Wi-Fi networks provide several important business advantages in comparison with their wired counterparts. However, they can also introduce serious security risks. According to wireless security expert George Hardesty, CEO of Data Alliance, man-in-the-middle (MitM) attacks continue to be the most common Wi-Fi threat. Hackers make use of MitM to intercept communication between two parties, and will often get access to unencrypted data and information, especially for sites and web-based applications that don't utilize HTTPS authentication and encrypted data transfers.

Rogue Wi-Fi networks are used by cybercriminals who set up wireless hotspots that mimic trusted networks. A hacker who is sitting in the lobby may set up a hotspot which has a name that's identical with the hotel that you are currently staying at, for example. It's quite clear that some people will connect their devices to the hacker's open hotspot, becoming part of his network. Then, all the data that's shared on their devices will be accessible to the cybercriminal, who will often use a software vulnerability to plant malware on the cell phones, and then get access to the desired information.

Rogue wireless access points (WAPs) are often installed by company employees, with the goal of extending the range of an existing Wi-Fi network. However, some of these WAPs won't be configured properly, so they'll be vulnerable to cyber attacks.

Evil twins are similar with rogue access points, but they are set up by hackers. They mimic legitimate WAPs by cloning them; therefore, when an employee connects to an evil twin, he or she will send all the information to the hacker.

Cyber criminals also use network security applications called "packet sniffers" to intercept, and then analyze data packets. While packet analyzers are used by cybersecurity experts to test the integrity of wireless networks, many hackers make use of them as well.

Endpoint attacks are often triggered due to human error. Evil web programmers set up websites that can compromise wireless and wired network security whenever they are accessed. These types of attacks are successful when people click infected links that are included in emails which are sent by unknown senders. Sometimes hackers will get access to a particular email account, and then send infected emails to all the contacts that are stored in that person's address book. This trick increases the infection rate significantly, because the email containing that enticing link seems to come from a known (and often trusted) person, and not from a total stranger.

Worms are similar with computer viruses, but they can replicate themselves, spreading across the network on their own. So, if a device is not properly patched and/or uses faulty applications, it will get infected by simply connecting to a wireless network.

As mentioned above, mobile apps can be another source of trouble. If a piece of software that's installed on your smartphone allows resource sharing, for example, a hacker may be able to install malware on your phone. Also, some nefarious programmers create legitimate-looking apps and offer them for free, but those applications will silently collect, and then send the information that's stored on your phone while you are playing that nice-looking racing game.

To stay on the safe side, be sure to use a Virtual Private Network (VPN) whenever it is possible to do so. Most VPNs will do a good job, encrypting the sent and received data, and thus making it almost impossible for hackers to get access to it. More info about Virtual Private Networks can be found here.

Don't ever access sites that don't make use of SSL connections. Most popular websites have already switched to HTTPS, so be sure to visit only the ones that display a green padlock icon in the browser's URL bar.

Finally, uninstall all the applications that want to share your data; yeah, remove the ones that claim to share a single folder as well. If you want to minimize security risks, you should reduce the number of installed apps to a minimum.