I recently visited a customer site and noticed that their Wi-Fi password had been helpfully printed and pinned to the wall in several locations around the office.
It got me wondering, does it matter if we protect our Wi-Fi secrets?
To set the scene for you, the customer I visited is based in a large open plan office, with many visitors coming and going throughout the day. Visitors need to sign into the office, but once a visitor is in the office, everyone assumes they have the right to be there. No one hesitates to direct visitors to the Wi-Fi codes pinned to the wall.
Given enough motivation, the Wi-Fi codes could probably be read from the neighbouring office buildings. The Wi-Fi network has a strong signal. It can be accessed from anywhere in the office, the car park and from the main road that runs in front of the office building.
Once the password to a Wi-Fi network is shared this freely, the Wi-Fi security protocols you have heard of, such as WEP, WPA or WPA2, which are designed to keep unauthorised users out of a network, are of zero use.
So, let’s assume an attacker has used the password to gain access to your Wi-Fi network. What are the basic bad things they can do? Now that the attacker has an Internet connection, they can visit illegal websites, download illegal material or attack other computers on the Internet. And they can do it all while sitting in the comfort of their car parked outside your office building.
You face the same risk when you share your Wi-Fi password with people who visit your home.
If crimes are committed using your Internet connection, the Police only know that the crime originated from your connection to the Internet. You may find it difficult to convince them that it wasn’t you who committed a crime, but someone else who used your Wi-Fi network.
Once an attacker is on your network, they have the same network rights and access that you have. This means they can see all the computers and devices on your network or at least on the Local Area Network (LAN) they have joined.
Once connected to the LAN, an attacker can test the defences of any device on the network and threaten your security in a range of ways. Your computers can be probed for weaknesses and known vulnerabilities, allowing the attacker to steal or damage your data. They can use readily available tools to perform this analysis and the subsequent attacks, and they don’t need advanced skills to do it.
Maybe they will attempt to spread malware on your network or try to get a shell on one of your computers.
Malware can cause a wide range of damage to your computers. It can steal or corrupt your data and it can use your computers to attack other users on the Internet.
A shell is the name given to a remote session to another computer. If the attacker gets a shell on one of your computers, they may be able to gain access to other computing resources in your organisation that only you should be able to access.
A more advanced attacker might attempt to perform a man-in-the-middle (MITM) attack. Once an attacker is on your LAN, this type of attack is straightforward for an advanced attacker to set up. In a MITM attack, the attacker puts themselves between the target and the resource they wish to eavesdrop on. As far as the target is concerned, they are communicating with the Internet as usual.
One of the simplest ways to set up this attack is ARP Spoofing. Computers use the Address Resolution Protocol (ARP) to discover which computers on the LAN have specific IP addresses. To access the Internet, your computer uses ARP to discover which computer is the default gateway and, in turn, where it can access the Internet.
Unfortunately, ARP has no security and an attacker can use this fact to set up the MITM attack. Once on your LAN, the attacker tells the target computer that the attacker’s computer is the default gateway and the target computer will accept this as fact. Now when the target attempts to communicate with the Internet, all their network traffic will be sent to the Internet via the attacker’s computer. The attacker will forward all network traffic to and from the Internet to prevent the target from becoming suspicious, but only after they have read the target’s network traffic.
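A defender can spot the gateway impersonation described above by comparing a machine's ARP cache with a known-good baseline. The following is an added example, not part of the original post; the sample tables are constructed in the Linux /proc/net/arp format, and the function names and addresses are hypothetical.

```python
# Constructed samples in Linux /proc/net/arp format (not captured from a real network).
HEADER = "IP address       HW type     Flags       HW address            Mask     Device\n"
BEFORE = HEADER + (
    "192.168.1.1      0x1         0x2         aa:bb:cc:00:00:01     *        wlan0\n"
    "192.168.1.23     0x1         0x2         aa:bb:cc:00:00:17     *        wlan0\n"
)
# Same LAN after a spoofed ARP reply: the gateway IP now maps to the MAC of host .23.
AFTER = HEADER + (
    "192.168.1.1      0x1         0x2         aa:bb:cc:00:00:17     *        wlan0\n"
    "192.168.1.23     0x1         0x2         aa:bb:cc:00:00:17     *        wlan0\n"
)


def parse_arp(text):
    """Return {ip: mac} for the resolved entries of a /proc/net/arp style table."""
    table = {}
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        # Incomplete entries carry an all-zero MAC and tell us nothing.
        if len(fields) >= 6 and fields[3] != "00:00:00:00:00:00":
            table[fields[0]] = fields[3].lower()
    return table


def check_gateway(baseline, current, gateway_ip):
    """Compare the current ARP cache with a trusted baseline and list findings."""
    findings = []
    known, seen = baseline.get(gateway_ip), current.get(gateway_ip)
    # Finding 1: the gateway IP resolves to a different MAC than the trusted one.
    if known and seen and known != seen:
        findings.append(f"gateway {gateway_ip} moved from {known} to {seen}")
    # Finding 2: another host on the LAN owns the MAC now answering for the gateway.
    if seen:
        others = sorted(ip for ip, mac in current.items()
                        if mac == seen and ip != gateway_ip)
        if others:
            findings.append(f"gateway MAC {seen} also claimed by {', '.join(others)}")
    return findings


if __name__ == "__main__":
    for finding in check_gateway(parse_arp(BEFORE), parse_arp(AFTER), "192.168.1.1"):
        print("ALERT:", finding)
```

A gateway MAC can change legitimately, for example when a router is replaced, so treat a finding as a prompt to investigate rather than proof of an attack.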
Most Internet traffic today is encrypted, so the attacker will need to do some more work to be able to read the target’s data.
The attacker will hope that the target visits websites that are using an older version of TLS (HTTPS) or maybe a badly configured website that is vulnerable to an SSL Stripping attack. Maybe the attacker will redirect the target’s web browser to a website under their control that will steal the target’s login credentials.
Whatever the attacker does, a MITM attack can be a very effective way to steal a user’s secret and private data.
As you can see, once you let an attacker onto your Wi-Fi network, they can cause quite a lot of harm, but we can all do things to mitigate this risk and we should.
If you work in an organisation that displays the Wi-Fi password in a visible place, speak to the right person about removing it. Let them know some of the problems it might create. Suggest changing the Wi-Fi password once in a while and storing the Wi-Fi password in a secure password manager on your computer.
You should also do your best to keep your computer up to date with operating system security patches and make sure your computer’s local firewall is turned on.
If you are responsible for developing websites, make sure that you use the HTTP Strict Transport Security (HSTS) response header. The HSTS header prevents the SSL Stripping attack and forces your website to always communicate over HTTPS. Also consider using Public Key Pinning to force your website to use the correct TLS certificate.
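To check that a site really sends a usable HSTS policy, the response headers can be audited as below. This is an added example, not part of the original post; the function names and the 180-day minimum for max-age are assumptions made for illustration.

```python
def parse_hsts(value):
    """Parse a Strict-Transport-Security header value into {directive: value}."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in directives:
            # RFC 6797: each directive may appear only once.
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = val.strip().strip('"')  # value may be a quoted string
    return directives


def audit_hsts(headers, min_age=15552000):
    """Return a list of problems with a response's HSTS policy (empty list = OK).

    min_age is an assumed threshold of 180 days, in seconds.
    """
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    if value is None:
        return ["no Strict-Transport-Security header"]
    try:
        policy = parse_hsts(value)
    except ValueError as err:
        return [str(err)]
    problems = []
    age = policy.get("max-age", "")
    if not (age.isascii() and age.isdigit()):
        problems.append("max-age missing or not a number")
    elif int(age) == 0:
        problems.append("max-age=0 tells browsers to forget the policy")
    elif int(age) < min_age:
        problems.append(f"max-age {age} is shorter than {min_age} seconds")
    if "includesubdomains" not in policy:
        problems.append("includeSubDomains absent")
    return problems
```

Browsers only honour this header when it arrives over HTTPS, so run the audit against the HTTPS response, not the plain HTTP redirect.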