LPN-0 · Mobile Threat Catalogue

Mobile Threat Catalogue

Rogue access points

Contribute

Threat Category: Network Threats: Wi-Fi

ID: LPN-0

Threat Description:

Threat Origin

Guidelines for Securing Wireless Local Area Networks (WLANs) (SP 800-153) 1

Exploit Examples

Darkhotel: A Sophisticated New Hacking Attack Targets High-Profile Hotel Guests 2

CVE Examples

Not Applicable

Possible Countermeasures

Mobile Device User

Avoid the use of untrusted and unencrypted Wi-Fi networks, particularly when needing to access sensitive services.

When needing to connect to untrusted and unencrypted Wi-Fi networks, attempt to verify with a representative of the hosting organization (e.g., coffe shop employee) that the detected network is the correct one.

To reduce the probability of connecting to rogue access points, use Wi-Fi hotspot services that associate access points with registered Wi-Fi provider, geolocation, and crowd-sourced reputation data to make assertions about the their apparent trustworthiness.

Enterprise

To reduce the probability of connecting to rogue access points, use Wi-Fi hotspot services that associate access points with registered Wi-Fi provider, geolocation, and crowd-sourced reputation data to make assertions about the their apparent trustworthiness.

To avoid this threat, only allow mobile devices to connect to authorized Wi-Fi networks that use WPA2 encryption.

References

  1. M. Souppaya and K. Scarfone, Guidelines for Securing Wireless Local Area Networks (WLANs), SP 800-163, National Institute of Standards and Technology, 2016; http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-153.pdf [accessed 8/24/2016] 

  2. K. Zetter, “Darkhotel: A Sophisticated New Hacking Attack Targets High-Profile Hotel Guests”, Wired, 10 Nov. 2014; www.wired.com/2014/11/darkhotel-malware/ [accessed 8/24/2016]