There are hundreds of thousands of free public Wi-Fi spots throughout the UK. Widespread connectivity and free accessibility are two appealing features that tempt users to open up their devices for on-the-go convenience.
However, uncontrolled access to public Wi-Fi hotspots and robust mobile security often conflict with one another. Cyber-criminals now find it increasingly easy to attack public Wi-Fi networks using ‘Man in the Middle’ (MitM) techniques which allow the attacker to clearly view all information transmitted across networks.
When it comes to awareness, how well do these users understand the lasting implications of opening up their personal data to the general public?
Research conducted by Action Fraud, the UK's national fraud and internet crime reporting centre, found that 77 per cent of people did not think that public Wi-Fi was any less secure than their personal internet connection. The findings show a frightening lack of awareness concerning the potential security vulnerabilities linked to public Wi-Fi.
Public Wi-Fi has gained a notorious reputation in mobile security as one of the weakest links due to its minimal level of data security, but despite negative word of mouth it seems the general public – including employees – are still connecting to vulnerable networks. With social engineering and MitM attacks taking place more frequently, educating users and employees has never been more necessary.
MitM attacks explained
A ‘Man in the Middle’ (MitM) attack involves a malicious actor inserting themselves as a relay/proxy into a cyber-conversation between two parties – such as a device and the web server it’s trying to communicate with. The attacker can intercept the information being transmitted and exploit the data within the online communication. The hacker can also identify a person’s location, gain access to personal messages and access stored information within the device.
Mobile apps and devices need to connect with remote servers in order to function, and most do so securely over an HTTPS connection. However, problems emerge when apps fail to use standard authentication methods. In some cases, the app will not reliably check the server’s certificate, or the server’s hostname. To ensure that a secure connection is made, the name on the certificate must match the server’s hostname, the certificate must be issued by a trusted certificate authority and the certificate date must be valid. If any of these tests is skipped or does not pass, neither the app nor the device can identify if data is being hijacked and sent to a new web location.
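The three tests above can be made concrete with Python's standard `ssl` module. The following is an added example, not code from the article or from any app it mentions: it audits a client TLS configuration for skipped checks and re-runs the hostname and date tests on certificate fields in the format returned by `getpeercert()`. The function names, the simplified wildcard rule and the sample certificate values are assumptions constructed for illustration.

```python
import ssl

def hardened_context() -> ssl.SSLContext:
    # Library defaults: CERT_REQUIRED, check_hostname=True, system trust store.
    return ssl.create_default_context()

def weak_context() -> ssl.SSLContext:
    # The failure mode described above: validation switched off.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """Name the checks a client TLS configuration skips."""
    skipped = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        skipped += ["trusted-ca", "validity-dates"]
    if not ctx.check_hostname:
        skipped.append("hostname")
    return skipped

def hostname_matches(cert: dict, hostname: str) -> bool:
    # Simplified matching: DNS subjectAltName entries only, exact or "*.label".
    host = hostname.lower().rstrip(".")
    head, _, rest = host.partition(".")
    for kind, pattern in cert.get("subjectAltName", ()):
        pattern = pattern.lower()
        wildcard = pattern.startswith("*.") and rest == pattern[2:]
        if kind == "DNS" and (pattern == host or (head and wildcard)):
            return True
    return False

def check_cert(cert: dict, hostname: str, now: float) -> list[str]:
    """Re-run the hostname and date tests on a getpeercert()-style dict."""
    failed = []
    if not hostname_matches(cert, hostname):
        failed.append("hostname")
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    if not start <= now <= end:
        failed.append("validity-dates")
    return failed

# Constructed sample certificate fields (not taken from a real server).
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "example.test"), ("DNS", "*.example.test")),
    "notBefore": "Jan  1 00:00:00 2024 GMT", "notAfter": "Jan  1 00:00:00 2025 GMT",
}
NOW, LATER = (ssl.cert_time_to_seconds(f"Jun  1 00:00:00 {y} GMT") for y in (2024, 2025))
```

The trusted-authority test cannot be repeated on the parsed fields alone; it is performed during the handshake, and only when the context keeps `CERT_REQUIRED`.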
It is worth noting that MitM attacks can also come in the form of a spoof network or ‘evil twin’. Hackers can pose as shops, hotels or restaurants offering free Wi-Fi, and then infiltrate the user’s device once they have unwittingly connected to their network.
Without the knowledge of what damage could be caused by connecting to open networks, enterprises are putting themselves in a very vulnerable position when their employees are working remotely. Within the enterprise, some individuals are more vulnerable to attacks than others – this includes those who hold senior and executive positions that may handle more sensitive information within their emails and on their devices. Hackers are intelligent, and know how to gain sensitive information from open networks.
The problem is not limited to particular models or devices – it runs throughout Android and iPhone devices. In April 2015, a vulnerability was discovered which affected approximately 1,500 iOS apps that try to establish secure connections, with the result that anyone intercepting data from these apps on an iPhone or iPad could access logins and other sensitive information transmitted via HTTPS. This has recently been followed up by KeRanger, the first ransomware to strike Apple’s OS X.
Android users have received similar warnings – it has been estimated that nearly three quarters of the top 1,000 free apps in Google Play don’t check server certificates, and the same amount of those ignore any SSL errors that pop up when they communicate with the app server.
How to educate
There is no one-size-fits-all solution that will alleviate the issue of public network attacks. But educating users on the severity of what an attack entails is the first step. Security-aware individuals make for the most effective defence mechanism for enterprises. Arming your employees with an understanding of the implications of MitM attacks will put you in the best position moving forward to protect your sensitive company information.
Standard protection methods like secure containers, wrappers and mobile anti-virus solutions are highly recommended, but will not be enough to protect a fleet of devices against these emerging threats. Instead, the best method for protection is prevention. Employees can act as their own first line of defence against MitM attacks by taking heed of the following advice:
Don’t auto-connect to Wi-Fi unless it’s onsite at the office or your protected home network; avoid using free Wi-Fi hotspots; do not use jailbroken phones; and finally, only use apps from trusted sources.
Eldar Tuvey, co-founder and CEO of Wandera