Threat Category: Network Threats: Wi-Fi
ID: LPN-2
Threat Description: Unencrypted or weakly encrypted (e.g. WEP) Wi-Fi networks could allow adversaries to eavesdrop on connctions.
Threat Origin
Guidelines for Securing Wireless Local Area Networks (WLANs) (SP 800-163) 1
Exploit Examples
Using the Fluhrer, Mantin, and Shamir Attack to Break WEP 2
CVE Examples
Not Applicable
Possible Countermeasures
To reduce the opportunity for this attack, configure mobile devices to not automatically connect to untrusted and unsecure networks.
To mitigate eavesdropping over unencrypted Wi-Fi networks, use over-the-top encryption products that encrypt data prior to transmission off the device.
EnterpriseTo reduce the probability of this attack, configure Wi-Fi networks to WPA2 in personal mode with a strong password (increased length, complexity, and randomness).
To further reduce the probability of this attack, configure Wi-Fi networks with WPA2 in enterprise mode with digital certificates.
To mitigate eavesdropping over unencrypted Wi-Fi networks, use over-the-top encryption products that encrypt data prior to transmission off the device.
To mitigate eavesdropping over unencrypted Wi-Fi networks, use VPN solutions to establish an encrypted tunnel.
References
M. Souppaya and K. Scarfone, Guidelines for Securing Wireless Local Area Networks (WLANs), SP 800-163, National Institute of Standards and Technology, 2016; http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-153.pdf [accessed 8/24/2016] ↩
A. Stubblefield, J. Ioannidis and A.D. Rubin, Using the Fluhrer, Mantin, and Shamir Attack to Break WEP, tech. report TD-4ZCPZZ, AT&T Labs, 2001; https://www.ndss-symposium.org/wp-content/uploads/2017/09/Using-the-Fluhrer-Mantin-and-Shamir-Attack-to-Break-WEP-Adam-Stubbefild.pdf [accessed 7/26/2022] ↩