Public Wireless Security – Part 1

Welcome to the Fast-Air Tech Talk newsletter. The Tech Talk newsletter is a free service for all Fast-Air customers. Please feel encouraged to suggest newsletter topics.

Security is a process. There is no single one-size-fits-all solution. The shift in computers toward mobile devices has created security challenges few people envisioned only a decade ago. Mobile computer devices include smart phones, laptops, and tablets.

Security is hard. Computer security is no exception. Protecting computers and data is part of computer security. Sadly, many people choose convenience rather than security and they pay a steep price for such actions.

Public or open wireless access points (APs) are common these days. Often these APs are called hotspots. Places where free wireless APs might be available include stores, restaurants, roadside rest areas, hotels, convention centers, airports, and airplanes.

Many people use public or open wireless APs with their general purpose computers such as laptops and tablets. Internet cafes and cyber cafes are common. While some people charge for this wireless usage, many people provide free wireless access.

Typically smart phones connect to a vendor’s wireless network and are secure. There are times when a vendor’s phone network is unavailable. Sometimes to avoid data caps or other usage limits people using smart phones will use free public wireless hotspots rather than the vendor network.

Usually laptops and tablets are not tied to a specific vendor’s network and only connect to public hotspots when not being used at home or the office.

These public or open connection portals to the Internet present many security challenges.

Many public APs are not secure. No authentication is required to use the service. More importantly, the connection is not encrypted. Everything is transmitted in clear text.

An unsecured connection means anybody can view the connection contents. How?

Wireless signals propagate through the air rather than being confined to a cable. Anybody with basic networking tools can monitor these wireless connections. In networking lingo this is called packet sniffing or just sniffing the network. Without encryption, passwords, credit card numbers, bank account information, and other sensitive data are easily captured and saved to other computers. This information may be used later for malicious purposes.

Sometimes a public hotspot provider is not to be trusted. Not having a secure connection means the owner of the hotspot can monitor the connection. Peeping Toms of the modern electronic age. There is no way for customers to know whether the hotspot provider or employees sniff the connections.

Some people who offer public wireless understand the security challenges. Some of these providers configure their wireless APs much as they would at home or in their private business. They use the WPA2 protocol and encryption. Using that kind of configuration requires a password to connect to the network. Often these types of public wireless providers conspicuously post the AP information inside the building. While the password is publicly knowable, all connections to the wireless AP are encrypted. The security is not through the password but through the encryption. That means the contents of all connections between the customer’s computer and the AP are not usable by anybody with sniffing tools. They can still monitor and view the traffic but cannot capture useful information.

Security is all about layers. It is important to know that connecting to a secure wireless hotspot encrypts only the local connection between the computer device and the local AP. The connection is not encrypted after it leaves the AP for the Internet. This includes the connection from the wireless provider’s AP to the provider’s servers, which then connect to an ISP. Encrypting and securing that part of the connection requires additional sweat equity and is the responsibility of the computer user: you. Everything after the AP is not encrypted unless configured that way by the user.

This holds true even when at home or the office and using a wired or wireless connection. Without extra effort, nothing transmitted through the Internet is secured or encrypted. Similar to secure public hotspots, Fast-Air systems use encryption from the CPE to the Fast-Air servers, but that is where the ISP security and encryption ends.

An unencrypted wireless AP at home or in the office is just as easy to sniff as a public connection. In a crowded urban area, malicious actors can sit in a nearby home or building and monitor connections.

The rabbit hole gets deeper with public wireless hotspots.

In addition to easily viewing unencrypted content, a common tactic among malicious actors is to trick others into using “fake” hotspots as an AP rather than the actual AP in the building. These fake hotspots are known as evil twins.

These malicious actors configure their computers, usually laptops, to broadcast a Service Set Identifier (SSID) and simulate being an AP. The SSID is the “human” name of the wireless network. There is also a Basic Service Set Identifier (BSSID), which is the MAC address of the AP. This information is easily spoofed by malicious actors.

These malicious hotspots look legitimate by using SSIDs such as “Airport Wi-Fi” or “Cheesy Restaurant Free Wireless.” Unsuspecting customers not paying attention connect to the malicious actor’s computer. The malicious actor views all of the connection contents to capture sensitive data. This kind of trickery is called a man-in-the-middle (MITM) attack.

The fake hotspot computer could be configured to provide fake security certificates. When unsuspecting customers use HTTPS in their web browser, the fake certificates allow the malicious actor to decrypt the contents of the connection.

Sometimes these malicious actors will install malware known as keyloggers onto the unsuspecting user’s computer. Thereafter anything typed on the computer by the user, even at home or in the office, is relayed back to the malicious actor’s servers. Other malicious people might use the opportunity to reconfigure Internet connections, such as DNS servers, such that future connections will route through the malicious actor’s servers. All of this is to capture sensitive data, such as bank account logins and passwords or business secrets.

Savvy malicious actors imitate the real AP in all aspects. The SSID, BSSID, encryption protocol, and IP address will be exactly the same. How then do customers distinguish the real AP from the malicious AP?

They can’t.

Therein lie the perils of public wireless networks.

The only recourse for public wireless providers is to run software that detects whether additional hotspots with the same credentials are running in the area.
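The kind of check such monitoring software might run, as an added example (not from this newsletter or any Fast-Air tool). The function name, AP inventory, scan records, MAC addresses, and the 20 dB signal-spread threshold are all constructed assumptions; the signal-spread test is a heuristic for the fully cloned AP described above.

```python
from collections import defaultdict

# Constructed inventory of the provider's own APs: BSSID -> (SSID, security, channel).
AUTHORIZED = {
    "aa:bb:cc:00:00:01": ("Cheesy Restaurant Free Wireless", "WPA2", 6),
    "aa:bb:cc:00:00:02": ("Cheesy Restaurant Free Wireless", "WPA2", 11),
}
# Constructed scan from one fixed sensor: (ssid, bssid, security, channel, signal_dbm).
SCAN = [
    ("Cheesy Restaurant Free Wireless", "aa:bb:cc:00:00:01", "WPA2", 6, -48),
    ("Cheesy Restaurant Free Wireless", "aa:bb:cc:00:00:02", "WPA2", 11, -55),
    ("Cheesy Restaurant Free Wireless", "de:ad:be:ef:00:99", "OPEN", 1, -40),
    ("Cheesy Restaurant Free Wireless", "AA:BB:CC:00:00:02", "WPA2", 11, -22),
    ("Neighbor Cafe", "11:22:33:44:55:66", "WPA2", 3, -70),
]

def find_evil_twins(scan, authorized, max_signal_spread_db=20):
    """Return sorted (bssid, reason) findings for beacons that imitate our SSIDs."""
    our_ssids = {ssid for ssid, _, _ in authorized.values()}
    findings = set()
    sightings = defaultdict(list)  # known BSSID -> signal levels seen in this scan
    for ssid, bssid, security, channel, signal in scan:
        if ssid not in our_ssids:
            continue  # someone else's network, not an imitation of ours
        bssid = bssid.lower()
        known = authorized.get(bssid)
        if known is None:
            findings.add((bssid, "unknown BSSID advertising our SSID"))
            continue
        _, want_security, want_channel = known
        if security != want_security:
            findings.add((bssid, "security differs from inventory"))
        if channel != want_channel:
            findings.add((bssid, "channel differs from inventory"))
        sightings[bssid].append(signal)
    # A fully cloned AP matches the inventory, but two radios sharing one BSSID
    # appear to a fixed sensor as widely different signal levels in one scan.
    for bssid, signals in sightings.items():
        if max(signals) - min(signals) > max_signal_spread_db:
            findings.add((bssid, "same BSSID seen at divergent signal levels"))
    return sorted(findings)

if __name__ == "__main__":
    for bssid, reason in find_evil_twins(SCAN, AUTHORIZED):
        print(f"ALERT {bssid}: {reason}")
```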

Users have options when using public hotspots. More next issue.

Technical trivia: The World Wide Web (WWW) uses the Hypertext Transfer Protocol (HTTP). Before the web existed, a popular Internet protocol was Gopher. The Gopher protocol was developed by students at the University of Minnesota, hence the name. The Gopher protocol can still be used. When using a web browser, the URL prefix gopher:// is used rather than http://. The World Wide Web exists today largely because the Gopher protocol existed and allowed people to test and discuss the new protocol.

Next issue: Public Wireless Security – Part 2

Someone once said that our true character is who we are when no one is looking.

Latest posts by Backwoods Geek (see all)