I recently updated my Samsung Focus with the Windows Phone 7 NODO update and received a feature I am not sure I wanted, support for the WISPr protocol. WISPr support, long present on the iPhone, allows your AT&T smartphone to automatically and transparently switch from the 3G/4G cellular network to an AT&T WiFi Hotspot when one is located nearby. There is just one problem, one that you may not be aware of and that AT&T seems to be keeping quiet about: while your 3G/4G communications are encrypted, your communications over the AT&T WiFi Hotspot are not. And so, without your explicit consent or even notification, you are automatically switched from a reasonably secure network to one in which nearly anyone can monitor or even hijack your communications. Most people have some inkling that public WiFi Hotspots are dangerous and thus get to choose whether or not to take precautions (from VPNs to being extra careful to specify https when they connect to a website), though I suspect people generally just ignore the danger. But when your phone automagically switches you over to a non-secure WiFi network, you have no opportunity to protect yourself. AT&T has multiplied this problem 100-fold by its strategy of deploying WiFi as an alternative to new 3G cells in areas where it has data problems but not voice problems. So, for example, when you walk through Times Square in New York your phone may switch to using WiFi rather than the 3G network for data transmission. This is certainly not a situation you expect, nor one you prepare to protect yourself from.
Public WiFi networks are open and non-secure because current security mechanisms are both inadequate to the task and not user-friendly. T-Mobile once tried to secure its WiFi offering by adding support for WPA encryption and 802.1x authentication to its T-Mobile Hotspot offering. This never caught on (perhaps because it was inadequate, or perhaps because most WiFi adapters were not WPA compatible at the time of introduction) and has now apparently been dropped. While I could simply blame the key management problem I’ve mentioned in previous postings, in this case we are mostly dealing with a fundamental conceptual flaw: WiFi only tries to make the network as secure as an equivalent wired network. Well, wired networks are only secure because of physical security. That is, unless I can enter your building and tap into the wire I can’t intercept wired communications. But once I tap into the wire I can see all communications flowing over it. Solutions like WPA/WPA2 try to mimic wired security by locking unauthorized people out of the wireless network. But once they are inside (because they have the key) they can still intercept communications just as in the wired network case. So for public WiFi Hotspots to be secure it isn’t enough to use WPA/WPA2, since anyone could easily obtain the keys (e.g., by paying for access). What is needed is for each individual WiFi user to have a separately encrypted channel between their client (PC, phone, etc.) and the Wireless Access Point. Sadly, there is no provision for this in current wireless networking standards.
Even your home or small business wireless network, supposedly protected from outsiders by WPA/WPA2 using Pre-Shared Keys, may be highly vulnerable. A Pre-Shared Key is basically just a password, and of course passwords can be weak or strong. When you think of websites, or your computer’s local logon, guessing even a weak password is difficult because of defensive features that have been developed over the last four decades. When you put in the wrong password there is a delay before you are allowed to try again, and if you enter too many wrong passwords you are locked out for a longer period (10-30 minutes, or more). This prevents one computer from breaking into another by trying password after password. But with WiFi you don’t need to keep retrying the password against the network and running into those defensive measures. Anyone can listen in and record the traffic going over your network in a log file, even though what is recorded is encrypted. So what if you could take a log of the encrypted traffic from a network and process it elsewhere, at your leisure, to figure out what Pre-Shared Key was being used to encrypt it? Yes, that can be done, using one of two techniques.
The first technique is a Dictionary Attack. This is pretty simple, just imagine trying a list of words/phrases that people might use as their Pre-Shared Key. For example, what if you use the name of your dog as your Pre-Shared Key? Like Rover or Spot. Or the name of one of your children? Even a longish name like Christopher is going to fall rather quickly to a dictionary attack. For $17 you can perform this dictionary attack at WPA Cracker. Of course once the tool figures out what your Pre-Shared Key is then someone can use it to connect to your network and manipulate the network traffic. Oops.
The second technique, a Brute Force attack, was until recently considered outside the realm of being practical for anyone other than spy agencies like the U.S. National Security Agency because it required massive amounts of computer horsepower. The computing power to perform a brute force attack on WPA/WPA2 is now within the purchasing power of a criminal entity, and even more importantly can now be rented from cloud providers such as Amazon. The cost of a brute force attack using Amazon’s cloud? $1.68
There are ways to mitigate the weaknesses in WiFi security, but few of us are putting them to use. And vendors aren’t doing a very good job of helping. For example, using SSL (https) for as much of your web communication as possible is one mitigation. Google made SSL the default for accessing GMAIL over a year ago. Both Facebook and Hotmail have made this an option. For example, in Hotmail you can either go to https://www.hotmail.com or you can change a setting in Hotmail to always access it this way. If you use Firefox as your browser you can automate the use of SSL with many websites using HTTPS Everywhere. KB SSL Enforcer adds this capability to Chrome. As far as I know Internet Explorer users are out of luck.
Another mitigation is to use a VPN to encrypt all traffic over a WiFi network. Of course, why the major hotspot providers like AT&T and T-Mobile don’t offer this as part of their service is beyond me (well, not really, VPNs are expensive to install and operate). Many people use their work VPN. But if you don’t have one, or your company prohibits or limits personal use, there are a number of low-cost consumer VPN services out there. I use WiTopia whenever using a public hotspot with my notebook or iPad (though sadly it doesn’t help with my Samsung Focus since Windows Phone 7 doesn’t yet offer a VPN client).
As for those dictionary and brute force attacks, a very reasonable mitigation is to use a long random string of characters for the Pre-Shared Key. Random prevents dictionary attacks. Long makes brute force attacks more costly. Rover is horrible. JohnPaulGeorgeRingo is only slightly better. Try something like dpe3kd6aq39lyash (i.e., 16 random characters), which is likely safe for a number of years.
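To make the preceding points concrete (the offline nature of the attack on a recorded handshake, why a dictionary word or a run of names falls quickly, and why 16 random characters is a different order of magnitude), here is an added Python example that is not part of the original post. It derives the WPA/WPA2-PSK Pairwise Master Key the same way a client or access point does (PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 rounds), which is exactly the per-guess cost an attacker pays; it classifies a candidate passphrase against a small constructed word list; it estimates worst-case brute-force time for a few passphrase shapes at an assumed guess rate; and it generates a random key of the kind recommended above. The word list, the guess rate and the passphrase shapes are my assumptions, not figures from the post.

```python
import hashlib
import secrets
import string

# Alphabets used to size the search space of a Pre-Shared Key.
ALPHABETS = {
    "lowercase": string.ascii_lowercase,                          # 26 symbols
    "lowercase+digits": string.ascii_lowercase + string.digits,   # 36 symbols
    "mixed+digits": string.ascii_letters + string.digits,         # 62 symbols
}

# Constructed stand-in for a real dictionary-attack word list (assumption).
WORDLIST = {"rover", "spot", "christopher", "john", "paul", "george", "ringo", "password"}


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA/WPA2-PSK Pairwise Master Key as the standard specifies:
    PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32-byte output).
    Every guess in a dictionary or brute-force attack must pay for this
    computation, but nothing else: no network access, no lockouts, no delays."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def is_word_concatenation(candidate: str, words: set) -> bool:
    """True if the candidate (case-insensitively) is one word, or a run of words,
    from the list. 'JohnPaulGeorgeRingo' is four words glued together, which is
    why it is only slightly better than 'Rover'."""
    s = candidate.lower()
    reachable = [True] + [False] * len(s)   # reachable[i]: s[:i] splits into words
    for i in range(1, len(s) + 1):
        for w in words:
            if i >= len(w) and reachable[i - len(w)] and s[i - len(w):i] == w:
                reachable[i] = True
                break
    return reachable[len(s)]


def assess_psk(candidate: str, words: set = WORDLIST, min_length: int = 12) -> str:
    """Coarse defender-side classification of a proposed Pre-Shared Key."""
    if not candidate:
        return "short"
    if is_word_concatenation(candidate, words):
        return "dictionary"
    if len(candidate) < min_length:
        return "short"
    return "ok"


def keyspace(alphabet_name: str, length: int) -> int:
    """Number of distinct keys of the given length over the named alphabet."""
    return len(ALPHABETS[alphabet_name]) ** length


def worst_case_years(alphabet_name: str, length: int, guesses_per_second: float) -> float:
    """Years to exhaust the whole key space at a given guess rate (an upper bound;
    a dictionary hit on a weak key needs nowhere near this)."""
    seconds = keyspace(alphabet_name, length) / guesses_per_second
    return seconds / (365 * 24 * 3600)


def generate_psk(length: int = 16, alphabet_name: str = "lowercase+digits") -> str:
    """Generate a random Pre-Shared Key using the OS CSPRNG (the 'long random
    string' mitigation; 16 symbols from a 36-symbol alphabet by default)."""
    alphabet = ALPHABETS[alphabet_name]
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    # IEEE 802.11 Annex H test vector: passphrase "password", SSID "IEEE".
    print("PMK:", derive_pmk("password", "IEEE").hex())
    for cand in ["Rover", "JohnPaulGeorgeRingo", "dpe3kd6aq39lyash"]:
        print(f"{cand!r}: {assess_psk(cand)}")
    RATE = 1_000_000  # assumed PBKDF2 guesses/second for rented hardware (constructed figure)
    for name, length in [("lowercase", 5), ("mixed+digits", 19), ("lowercase+digits", 16)]:
        print(f"{name:17s} x{length:2d}: {worst_case_years(name, length, RATE):.3g} years worst case")
    print("Suggested key:", generate_psk())
```

The brute-force estimate is deliberately an upper bound: it shows how length and alphabet move the cost, while the word-concatenation check shows the separate failure mode that length alone does not fix. Point `RATE` at whatever figure you trust for current hardware; the conclusion for a 16-character random key does not change across any realistic value.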
Are there solutions to these problems? Certainly, but it will be many years before they are introduced and achieve widespread deployment. They will require the deployment of a new generation of WiFi Access Points, routers, adapters, and other technology. And the industry has just barely begun to think about a new generation of solutions. In the meantime we’ll see a move to wider use of SSL on web sites and browsers that automatically try https before http when accessing web sites. That will surely make things better, but it will still leave plenty of gaps in internet security. And given we are looking at the next generation (at least) of browsers before SSL becomes the default, we’ll be living with the current situation for 12-18 months or more.
As for AT&T’s automatic switching of your phone’s data connection to their WiFi Hotspots, until they automatically encrypt the data flowing over WiFi I’d disable the ability to connect to their Hotspots. That is easy to do on a Windows PC, where you can specify not to automatically connect. But on smartphones like the iPhone you have to delete its knowledge of the AT&T WiFi hotspot and remember to delete it again any time you intentionally use one. Otherwise you are putting all your data communications out in the open for all to see.