Threat Category: Network Threats: Wi-Fi
ID: LPN-3
Threat Description: Malicious Wi-Fi networks could masquerade as legitimate Wi-Fi networks, allowing adversaries to intercept or potentially manipulate device communications.
Threat Origin
Guidelines for Securing Wireless Local Area Networks (WLANs) (SP 800-163) [1]
Exploit Examples
FCC Fines Marriott $600,000 for Jamming Hotel Wi-Fi [2]
CVE Examples
Not Applicable
Possible Countermeasures
To reduce the probability of connecting to a malicious network when choosing to connect to an unencrypted and potentially spoofed Wi-Fi network, verify that the network appears consistently geolocated with the host (e.g., on the premises) and, if possible, verify with a representative that the intended Wi-Fi network is the one they host.
To decrease the probability of connecting to a spoofed Wi-Fi network, configure devices to not automatically connect to unknown Wi-Fi networks, and to ‘forget’ public networks once they are no longer in use.
Enterprise
To greatly decrease the probability of this attack, only allow mobile devices to connect to authorized Wi-Fi networks that use WPA2 encryption with a strong pre-shared key (for personal mode).
References
[1] M. Souppaya and K. Scarfone, Guidelines for Securing Wireless Local Area Networks (WLANs), SP 800-163, National Institute of Standards and Technology, 2016; http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-153.pdf [accessed 8/24/2016]
[2] G. Fleishman, “FCC fines Marriott $600,000 for jamming hotel Wi-Fi”, blog, 3 Oct. 2014; http://boingboing.net/2014/10/03/fcc-fines-marriott-for-jamming.html [accessed 8/24/2016]