Public Wi-Fi networks are the worst offenders when it comes to using poor security protocols, but in truth, all Wi-Fi networks are vulnerable to hackers. Because all Wi-Fi networks essentially work in the same way, there are many ‘universal’ vulnerabilities that all networks are susceptible to.
The KRACK vulnerability, for instance, targets one of the key security features of all Wi-Fi networks: the four-way authentication protocol that routers use to establish a connection with a device. Because the vulnerability exploits a feature that is common across all Wi-Fi networks, it affects a vast variety of machines.
Another common attack method is simply to set up a router and a Wi-Fi network that looks the same as a legitimate one and hope that careless users log in to the ‘fake’ network. These ‘fake’ routers are known in the trade as "Rogue Access Points." If a user makes the mistake of connecting to one, an attacker can run vulnerability scanning software to identify further attack vectors.
Another example of a universal vulnerability exploits the Universal Plug and Play (UPnP) system that allows devices to discover each other automatically. Many attacks using security holes in this system have been spotted in the wild, and in November 2018 researchers found that there were still 3.5 million devices that exposed their UPnP endpoint to the internet, and that 277,000 of them were vulnerable to such attacks.
Sometimes poor Wi-Fi security can simply be the consequence of using weak security protocols. As Wi-Fi technologies have advanced, new and more secure protocols have been released, but not all networks have been upgraded to make use of them. This is especially true for public networks, many of which still use the 20-year-old WEP protocol, rather than the more secure WPA or (even better) WPA2 protocols.
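As an added example (not part of the original article), here is one way to check a list of nearby networks for two of the problems described above: outdated protocols such as WEP, and an access point that reuses a legitimate network name. The scan data, the allowlist of known access-point hardware addresses (BSSIDs), and the function name are all constructed for illustration.

```python
from collections import defaultdict

# Constructed scan results (SSID, BSSID, security), shaped like what a
# Wi-Fi scanner reports; none of these values come from a real network.
SCAN = [
    ("CoffeeShop", "aa:bb:cc:00:00:01", "WPA2"),
    ("CoffeeShop", "aa:bb:cc:00:00:02", "WPA2"),   # second legitimate AP
    ("CoffeeShop", "de:ad:be:ef:00:01", "OPEN"),   # same name, no encryption
    ("Library",    "11:22:33:00:00:01", "WEP"),
    ("HomeNet",    "44:55:66:00:00:01", "WPA2"),
]

# Assumption: BSSIDs the network owner has confirmed as their own hardware.
KNOWN_BSSIDS = {
    "CoffeeShop": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
    "HomeNet": {"44:55:66:00:00:01"},
}

WEAK = {"OPEN", "WEP"}  # WEP is the outdated protocol; OPEN has no encryption

def audit_scan(scan, known_bssids):
    """Return a sorted list of (ssid, bssid, finding) tuples."""
    by_ssid = defaultdict(list)
    for ssid, bssid, security in scan:
        by_ssid[ssid].append((bssid.lower(), security.upper()))

    findings = []
    for ssid, aps in by_ssid.items():
        modes = {sec for _, sec in aps}
        has_protected_sibling = bool(modes - WEAK)
        for bssid, sec in aps:
            if sec in WEAK:
                findings.append((ssid, bssid, f"weak-protocol:{sec}"))
            # A known network name advertised by unrecognised hardware
            if ssid in known_bssids and bssid not in known_bssids[ssid]:
                findings.append((ssid, bssid, "unknown-bssid"))
            # Same SSID offered with weaker security than its siblings
            if sec in WEAK and has_protected_sibling:
                findings.append((ssid, bssid, "security-downgrade"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_scan(SCAN, KNOWN_BSSIDS):
        print(*finding, sep="  ")
```

A network name that appears with both protected and unprotected access points, or from hardware that is not on the allowlist, is worth checking with the network owner before connecting.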
In practice, most serious attacks make use of a limited number of Wi-Fi vulnerabilities. Let’s take a look at each:
Man-in-the-middle attacks are a form of attack in which an attacker "listens in" to the communication between two parties, but allows them to believe that they are directly communicating with each other. MITM helps attackers access the sensitive information transmitted between the parties, and even manipulate the communication to elicit confidential data.
Packet Sniffing is an attack method that makes use of legitimate network management tools, known as packet sniffers. Typically, attackers will use these tools to spy on data being exchanged between two machines on a network, and if this data is unencrypted, they may be able to steal passwords or authentication tokens.
Evil Twin Attacks operate in a similar way to man-in-the-middle attacks, but in this method, an attacker will use their machine to imitate legitimate websites and systems and prompt the victim to enter confidential information. An attacker can then collect this data for later use.
DNS Spoofing makes use of the Domain Name System (DNS) that allows your devices to find websites. Though we humans navigate the internet using URLs, your router sees things differently: whenever you enter a website address, your router will look up the IP address of this site in a DNS table. This means that if an attacker can gain access to DNS tables, they can redirect your devices to spoof websites. If you enter any information into these, an attacker will be able to collect it.
A Wi-Fi Pineapple might sound amusing, but these small devices are anything but. Invented back in 2008 by Hak5, a company that makes equipment for penetration testers, these devices operate in much the same way as standard Wi-Fi routers. The chief difference is that they have much longer ranges, and come optimized to deploy sophisticated attacks.
Session Hijacking is another common form of attack in which an attacker will steal the ‘magic cookie’ that your devices use to authenticate themselves in a range of online systems. Using this, an attacker can imitate you, and use this access to steal personal information.
If all this is making you worried that the Wi-Fi networks you use are not secure, then congratulations: you have taken the first step in securing yourself against attack!
What can you do now to protect yourself against Wi-Fi threats? The answer to that depends on the type of networks you use.
Securing your Home Network is easy enough. Make sure you are using the most recent security protocol you can (probably WPA2), and encrypt everything you do online with a VPN, and you will instantly reduce your vulnerability to attack.
Securing Public Wi-Fi Networks is generally a little more tricky because they are owned and administered by someone else! The best option is therefore to only use public networks for browsing, and never, ever to log in to your social media accounts or online banking system.
Using a hotspot is a good way to limit your vulnerability because these are typically more secure than public Wi-Fi networks. That said, you should still use a VPN to encrypt all the information you send, just in case someone is listening in.
Limiting Wi-Fi threats is all about knowing how to limit vulnerability, and so it is an area in which a little knowledge goes a long way. A few simple steps are often enough to avoid the most common forms of attack, because if you make your network even a little bit more secure than the average, a potential attacker is likely to move on to the next network.