The president of the United States is having a meeting with a top colonel and black ops advisor in the White House. A male senator joins the conversation and the group proceeds to discuss highly confidential information. The senator follows the colonel out and continues the conversation, but as they part ways, we see the senator’s eyes flash and learn she is actually a mutant -- or evil twin -- in disguise.
If you don’t recognize this scene, it’s from a movie called X2: X-Men United. The female mutant in question is code-named Mystique, who has the ability to completely transform into anyone she touches; she only has to get within proximity of her target to learn how to copy them. Though Mystique’s powers are about as realistic as flying unicorns, they offer a decent analogy to a totally genuine Wi-Fi attack called the Evil Twin attack.
Like the White House’s security, the Wi-Fi industry has some pretty strong security standards, which allow you to validate your wireless clients and encrypt and secure their traffic. However, like Mystique, if cybercriminals get within proximity of your employees’ wireless devices, they can easily masquerade as your Wi-Fi network, thus completely bypassing your defenses.
Unfortunately, the Evil Twin attack is just one of several wireless threats today’s Wi-Fi security standards don’t really address. Despite the fact that these threats have existed since the beginning of Wi-Fi, they’re a major problem. In this article, I share why I believe Wi-Fi needs a more complete security standard.
To start, you should understand the Wi-Fi security standards that do exist today. With wireless, it becomes possible for anyone within range of your network, including attackers, to potentially listen in and participate in your communications. That’s why one of the first things the Wi-Fi Alliance did was create security protocols to authenticate and validate users joining wireless networks -- and to encrypt those users’ traffic so attackers can’t see it. Specifically, it started with a security protocol called the Wired Equivalent Privacy (WEP) protocol and have since moved on to one called Wi-Fi Protected Access (WPA).
Over time, vulnerabilities and weaknesses in these protocols have surfaced. For instance, no one should use WEP any longer since it’s broken and easily crackable. The Wi-Fi Alliance has done a fairly good job updating these protocols to improve security along the way.
Take the latest standard, WPA3, for example. It significantly improves security by closing some weaknesses with WPA2’s pre-shared keys, which past Wi-Fi attacks (KRACK) targeted. But WPA3 isn’t perfect. It has already suffered a number of new security flaws that combine into the DragonBlood attack, which allows attackers to downgrade their victims’ wireless security or uncover the passwords they’re using. The good news is that vendors have mostly corrected these issues, and in general, the Wi-Fi Alliance has done a decent job of providing security standards that authenticate users and encrypt their traffic.
The problem is that there are Wi-Fi threats that work regardless of these encryption and authentication protocols. The Evil Twin attack is one such example, where an attacker simply copies the wireless network name (something called an SSID) of a Wi-Fi network you have joined before, such as your official corporate Wi-Fi network. Unfortunately, Wi-Fi clients happily connect to any network with the name they are looking for. Which version of that network they join depends more on the range and signal strength of the network than any other factor.
Even if your real wireless network uses strong WPA3 encryption to make sure only authenticated clients join it, your phone or laptop will connect to a fake version of that network, even without any wireless security enabled at all. While Wi-Fi security standards have protocols that can protect you when you join the right network, they don’t have industry-wide security technologies that keep your devices from unknowingly connecting to evil fake networks (the Mystique version).
Beyond the Evil Twin attack, other examples of Wi-Fi threats today include ad-hoc or peer-to-peer wireless networks, rogue access points, rogue clients and more. For more information on all six of the known Wi-Fi threat categories, check out the Trusted Wireless Environment (TWE) movement. This movement outlines the threats that WPA3 and other Wi-Fi security standards don’t currently detect and prevent and is gathering support for the development of a better worldwide Wi-Fi security standard.
It’s clear that we need to standardize new wireless security technologies that not only encrypt users’ wireless communications but ensure wireless devices aren’t tricked into joining networks without any security. The good news is that there are methods organizations can use to defend against each Wi-Fi attack category. Generically, solutions that provide Wireless Intrusion Prevention System (WIPS) provide extra layers of security that not only discover bad actors on your wireless network or within your wireless proximity but can actively prevent your devices from connecting to evil networks or block attackers from completing their attacks.
That said, not all WIPS technology works equally. Some WIPS solutions detect certain threats but fall short of preventing actual attacks. Other methods suffer from too many false positives for you to comfortably take action. However, there are WIPS technologies that do accurately detect each Wi-Fi threat category and can automatically prevent wireless attackers from exploiting them. The entire industry, from the Wi-Fi Alliance and IEEE to silicon chipset suppliers and design manufacturing partners, should work together to establish strong WIPS as the default security standard for every Wi-Fi network.
The industry has done a decent job of making sure Wi-Fi security standards somewhat limit who joins our wireless networks and who can see our wireless traffic. However, major wireless threats like the Evil Twin attack still persist despite these standards. Until there is an industry-wide standard that mitigates each known Wi-Fi threat category, our wireless communications aren’t safe. It’s time to end the Wild West of Wi-Fi security and build a global standard that truly protects organizations and their users from every class of Wi-Fi attack.
