Delinea | Privileged Access Management Blog

Public Wi-Fi Security Risks: Behind the Scenes of a Wi-Fi Hack

Written by Delinea Team | Dec 29, 2020 5:31:00 PM

You snag a seat at your local café and open your laptop. Maybe you’re on the patio, grateful for the heater. The scent of coffee powers up your brain. The low hum of people chatting is welcome, after months of isolation. The logon page appears as you search for the Wi-Fi in your settings.

Despite the security risks of free Wi-Fi, 81% of people readily connect

What you don’t know is the backpack belonging to the person next to you contains a small black box with a few antennae sticking up. It’s called a “Pineapple,” and it’s about to hack your Wi-Fi connection.

Despite the security risks of free Wi-Fi, 81% of people readily connect to it, 99% without a VPN. The number of public Wi-Fi hotspots has quadrupled since 2016, to over 360 million, showing the rapid rise in these networks around the world. Research involving 500 CIO and IT decision-makers found that coffee shops are the most popular places to connect to a public Wi-Fi network, followed by airports and hotels.

When they take over your Wi-Fi connection, cybercriminals can execute a number of attacks. Man-in-the-middle attacks are the greatest mobile security concern—this is when an attacker captures the data flowing to and from the internet.

Depending on how careful you are with passwords and privileged accounts, cybercriminals can also leverage Wi-Fi hacks to access your email, log-in credentials for applications, and other sensitive data.

Read on to see exactly how criminal cybercriminals execute Wi-Fi attacks and how you can avoid becoming a victim.

Step-by-step Wi-Fi hack by an ethical hacker

Ethical hackers like Joe Carson, Chief Security Scientist at Delinea, conduct these types of hacks as part of penetration tests to warn organizations of vulnerabilities in their security controls and employee behavior. It’s revealing to see how easily malicious attackers could take advantage of common user behaviors and unprotected accounts with a set of inexpensive, readily available hacking tools.

Hackers are looking for the weakest link

Cybercriminals targeting Wi-Fi can decide whether to attack the network itself or to go after any connected devices. They’re looking for the weakest link, relying on a target to make mistakes.

There are several steps involved in wireless penetration testing:

  • Reconnaissance
  • Vulnerability research
  • Exploitation
  • Reporting
  • Remediation

Ninety percent of Joe's work is focused on reconnaissance—identifying what types of hardware, networks, services, and vendors a target is using. This helps him identify what types of Wi-Fi networks are used, email address formats, operating systems, etc. With this information in hand, Joe prepares his plan for an active engagement: the Wi-Fi hack.

Joe uses the Pineapple device to automate much of the work involved in setting up an “Evil Twin” Wi-Fi network. This $100 device from Hak5 is designed to mimic legitimate Wi-Fi networks and trick you into logging in.

Joe's 2.4GHz and 5GHz Dual Band Tetra Pineapple

 

He also uses Evil Portals, a collection of portals that can be used against Wi-Fi clients, to gain credentials or infect victims with malware. Dark Reading has an excellent article on how Evil Twin works from a technical perspective. This strategy involves setting up a Wi-Fi network with a name that is nearly identical to the one you think you are logging onto. For example, instead of “Coffeehouse Wi-Fi”, it might be “Coffeehouse FREE Wi-Fi.”

Sometimes cybercriminals combine the “Evil Twin” approach with a “Denial of Service” attack, which disables the authentic network, making their fake one the only one available. Mobile devices may connect to Wi-Fi automatically so that you don’t even know you switched networks.

 

Fake networks may have tell-tale clues on public Wi-Fi, such as no sign-in process with terms of service or no password required. However, a cybercriminal could also set up a “branded” log-in page that looks legitimate and requires you to create a username and password. Let’s say you create a password that you also commonly use for other accounts. You guessed it: once the cybercriminal captures your so-called “Wi-Fi password,” they can use it to access other accounts as well.

Joe gets a foothold by gaining access to the target’s laptop. He accesses settings, cookies that capture user behavior, images, and additional local information. He can leverage his target’s poor password behavior to steal credentials and gain access to his work environment. Ultimately, Joe bypasses controls to gain access to the target’s cloud environment.

What’s in your email?

Usually, Joe searches the target’s email for the word “password.” He might find that the user has emailed himself password information, essentially using email as a memory device instead of a secure digital password vault. “You wouldn’t believe how common this behavior is,” says Joe. “If we aren’t providing users the right solutions to remember passwords, they’re going to find a way to do it themselves.”

Through password information found in the email account, Joe gains access to the target’s expense reporting SaaS application. By leveraging these work-related credentials, he’s then able to reach further into the organization’s IT environment. From that point forward, Joe can use and abuse any number of sensitive and critical IT systems.

You don’t need to give up the coffee shop—or the Wi-Fi

Remote work is the new normal. You can continue to be productive no matter where you want to work with some basic Wi-Fi security precautions. We’ve grouped key recommendations for safe Wi-Fi use into two buckets:

Wi-Fi management strategies

  • Store as few trusted Wi-Fi networks in your devices as needed
  • Purge networks you don’t need from your preferred network list
  • Disable auto-connect when joining networks
  • Rely on a VPN when connecting to sensitive information

Password management strategies

  • Use strong, complex passwords
  • Never reuse or share passwords
  • Set up two-factor authentication and single sign-on
  • Use a password manager for personal passwords
  • Use Privileged Access Management tools that eliminate the need to remember, interact with—or even see—passwords.

Remember, cybercriminals, are looking for low-hanging fruit. They need to get in and get out quickly without being detected. By setting up some roadblocks, you can still use Wi-Fi safely, whether you’re in a café, airport, hotel, or another public place, and avoid being easy prey.