You snag a seat at your local café and open your laptop. Maybe you’re on the patio, grateful for the heater. The scent of coffee powers up your brain. The logon page appears as you search for the Wi-Fi in your settings.
What you don’t know is the backpack belonging to the person next to you contains a small black box with a few antennae sticking up. It’s called a “Pineapple,” and it’s about to hack your Wi-Fi connection.
Despite the security risks of free Wi-Fi, 81% of people readily connect
Despite the security risks of free Wi-Fi, 81% of people readily connect to it, 99% without a VPN. The number of public Wi-Fi hotspots has quadrupled since 2016, to over 360 million, showing the rapid rise in these networks around the world. Research involving 500 CIO and IT decision-makers found that coffee shops are the most popular places to connect to a public Wi-Fi network, followed by airports and hotels.
When they take over your Wi-Fi connection, cybercriminals can execute a number of attacks. Man-in-the-middle attacks are the greatest mobile security concern—this is when an attacker captures the data flowing to and from the internet.
Depending on how careful you are with passwords and privileged accounts, cybercriminals can also leverage Wi-Fi hacks to access your email, log-in credentials for applications, and other sensitive data.
Be sure to download Delinea's checklist for security tips for employees working remotely:
Then, read on to see exactly how cybercriminals execute these attacks and how you can safeguard your organization from users who access free Wi-Fi, or avoid becoming a victim yourself.
Step-by-step Wi-Fi hack by an ethical hacker
Ethical hackers conduct these types of hacks as part of penetration tests to warn organizations of vulnerabilities in their security controls and employee behavior. It’s revealing to see how easily malicious attackers could take advantage of common user behaviors and unprotected accounts with a set of inexpensive, readily available hacking tools.
Hackers are looking for the weakest link
Cybercriminals targeting Wi-Fi can decide whether to attack the network itself or to go after any connected devices. They’re looking for the weakest link, relying on a target to make mistakes.
There are several steps involved in wireless penetration testing:
- Reconnaissance
- Vulnerability research
- Exploitation
- Reporting
- Remediation
Ninety percent of my work is focused on reconnaissance—identifying what types of hardware, networks, services, and vendors a target is using. This helps me identify what types of Wi-Fi networks are used, email address formats, operating systems, etc. With this information in hand, I prepare my plan for an active engagement: the Wi-Fi hack.
I use the Pineapple device to automate much of the work involved in setting up an “Evil Twin” Wi-Fi network. This $100 device from Hak5 is designed to mimic legitimate Wi-Fi networks and trick you into logging in.
I also use Evil Portals, a collection of portals that can be used against Wi-Fi clients, to gain credentials or infect victims with malware. Dark Reading has an excellent article on how Evil Twin works from a technical perspective. This strategy involves setting up a Wi-Fi network with a name that is nearly identical to the one you think you are logging onto. For example, instead of “Coffeehouse Wi-Fi”, it might be “Coffeehouse FREE Wi-Fi.”
Sometimes cybercriminals combine the “Evil Twin” approach with a “Denial of Service” attack, which disables the authentic network, making their fake one the only one available. Mobile devices may connect to Wi-Fi automatically so that you don’t even know you switched networks.
Fake networks may have tell-tale clues on public Wi-Fi, such as no sign-in process with terms of service or no password required. However, a cybercriminal could also set up a “branded” log-in page that looks legitimate and requires you to create a username and password. Let’s say you create a password that you also commonly use for other accounts. You guessed it: once the cybercriminal captures your so-called “Wi-Fi password,” they can use it to access other accounts as well.
I get a foothold by gaining access to the target’s laptop. I access settings and cookies that capture user behavior, images, and additional local information. I can leverage my target’s poor password behavior to steal credentials and gain access to their environment. Ultimately, I bypass controls to gain access to the target’s cloud environment.
What’s in your email?
Usually, I search the target’s email for the word “password.” I might find that the user has emailed themselves password information, essentially using email as a memory device instead of a secure digital password vault. You won't believe how common this behavior is. If we aren’t providing users the right solutions to remember passwords, they’re going to find a way to do it themselves.
I gain access to the target’s expense reporting SaaS application through password information in the email account. By leveraging these work-related credentials, I'm able to reach further into the organization’s IT environment. From that point forward, I can use and abuse any number of sensitive and critical IT systems.
Speaking of passwords and risks, I recommend you never save passwords using a browser’s “Remember Password” feature. Delinea's free tool pinpoints which users in your organization are storing passwords in their browsers:
Pinpoint risky stored passwords in minutes
You don’t need to give up the coffee shop—or the Wi-Fi
Remote work is the new normal. You can continue to be productive no matter where you want to work with some basic Wi-Fi security precautions. We’ve grouped key recommendations for safe Wi-Fi use into two buckets:
Wi-Fi management strategies
- Store as few trusted Wi-Fi networks in your devices as needed
- Purge networks you don’t need from your preferred network list
- Disable auto-connect when joining networks
- Rely on a VPN when connecting to sensitive information
Password management strategies
- Use strong, complex passwords
- Never reuse or share passwords
- Set up two-factor authentication and single sign-on
- Use a password manager for personal passwords
- Use Privileged Access Management tools that eliminate the need to remember, interact with—or even see—passwords.
Remember, cybercriminals are looking for low-hanging fruit. They need to get in and get out quickly without being detected. By setting up some roadblocks, you can still use Wi-Fi safely, whether you’re in a café, airport, hotel, or another public place, and avoid being easy prey.
Are you looking to protect your organization from the risks associated with free Wi-Fi use? This interactive demo shows you how to securely manage remote workers and third-party vendors with a VPN-less, browser-based Remote Desktop Protocol (RDP) and SSH (Secure Shell) solution.
