Threat Category: Network Threats: Wi-Fi
ID: LPN-0
Threat Description: Public, unsecured access points are subject to rogue access point attacks, which could allow adversaries to man-in-the-middle traffic going to and from devices connected to the network.
Threat Origin
Guidelines for Securing Wireless Local Area Networks (WLANs) (SP 800-153) [1]
Exploit Examples
Darkhotel: A Sophisticated New Hacking Attack Targets High-Profile Hotel Guests [2]
CVE Examples
Not Applicable
Possible Countermeasures
Avoid the use of untrusted and unencrypted Wi-Fi networks, particularly when needing to access sensitive services.
When needing to connect to untrusted and unencrypted Wi-Fi networks, attempt to verify with a representative of the hosting organization (e.g., coffee shop employee) that the detected network is the correct one.
To reduce the probability of connecting to rogue access points, use Wi-Fi hotspot services that associate access points with a registered Wi-Fi provider, geolocation, and crowd-sourced reputation data to make assertions about their apparent trustworthiness.
Enterprise
To reduce the probability of connecting to rogue access points, use Wi-Fi hotspot services that associate access points with a registered Wi-Fi provider, geolocation, and crowd-sourced reputation data to make assertions about their apparent trustworthiness.
To avoid this threat, only allow mobile devices to connect to authorized Wi-Fi networks that use WPA2 encryption.
References
[1] M. Souppaya and K. Scarfone, Guidelines for Securing Wireless Local Area Networks (WLANs), SP 800-153, National Institute of Standards and Technology, 2016; http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-153.pdf [accessed 8/24/2016]
[2] K. Zetter, “Darkhotel: A Sophisticated New Hacking Attack Targets High-Profile Hotel Guests”, Wired, 10 Nov. 2014; www.wired.com/2014/11/darkhotel-malware/ [accessed 8/24/2016]