WiFi Vulnerabilities: Advances and incidents in 2010

Taking a look back at some of the WiFi issues that emerged this year

The 802.11n standard was ratified in 2009 and WiFi really took off in 2010, with support showing up in an array of consumer electronic devices. Unfortunately, security-related issues escalated right along with growing acceptance. Here’s a look back at the WiFi security issues that emerged this year.

Virtual WiFi leads to rogue access points: The Windows 7 virtual WiFi capability, or soft AP, became popular in the early part of 2010, with users downloading millions of copies of free programs such as Connectify to exploit the feature. But it didn’t take long for security experts to see the danger and warn organizations that employees could create rogue access points using virtual WiFi. These rogue APs can create a hole in your network security and allow an unauthorized user to “ghost ride” into the corporate network. This type of access can be difficult to notice using traditional wire-side techniques, so experts advocated watching carefully for the appearance of rogue APs while upgrading machines to Windows 7.

MiFi gains popularity:  Steve Jobs experienced a WiFi malfunction during the iPhone 4 launch in June 2010. An examination after the fact revealed that around 500 mobile hotspot networks were in use, supporting some 1,000 WiFi devices. This incident brought to light the security issues that can crop up from use of MiFi, and experts suggest using dedicated monitoring solutions capable of detecting these unauthorized devices on a 24x7 basis.

Google’s WiFi snooping controversy: In the middle of 2010 Google admitted that the cars it used to collect Street View information had also mistakenly collected payload data from unsecured WiFi networks. Many viewed the act as a privacy breach because the data collected included personal information such as email, passwords, fragments of files, browsed Internet data, pictures, video clips, etc. The controversy was a major black eye for Google but served as a big wake-up call for all those WiFi users who still haven’t secured their WiFi networks.

Russian spies and peer-to-peer WiFi links: The use of private, ad hoc WiFi networks for secret communication came to light when the FBI arrested a group of Russian spies who were using the tools to privately transfer data. Such ad hoc WiFi networks set up links between WiFi users without using a centralized WiFi router. Corporations are advised to deploy monitoring tools that can snoop out such connections.
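The rogue-AP and ad hoc monitoring advice above, as an added example that is not part of the original article: a Python classifier for raw 802.11 beacon frames that reads the ESS/IBSS bits of the capability field to separate ad hoc networks from access points, then checks each AP's BSSID against an allow-list. The allow-list, the sample BSSIDs and SSIDs, and the `build_beacon` helper are constructed for the example; frames are assumed to start at the 802.11 header (no radiotap header).

```python
import struct

# Constructed allow-list of sanctioned AP BSSIDs (an assumption of this example).
AUTHORIZED_BSSIDS = {"00:11:22:33:44:55"}

def parse_beacon(frame):
    """Parse a beacon starting at the 802.11 header; return a dict or None."""
    if len(frame) < 36 or frame[0] != 0x80:  # 0x80 = management frame, subtype beacon
        return None
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])  # address 3 carries the BSSID
    # 24-byte header + 8-byte timestamp + 2-byte beacon interval, then capabilities
    (cap,) = struct.unpack_from("<H", frame, 34)
    ssid, pos = "", 36
    while pos + 2 <= len(frame):  # walk tagged parameters looking for SSID (tag 0)
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + length]
        if len(body) < length:
            break  # truncated element, stop parsing
        if tag == 0:
            ssid = body.decode("utf-8", "replace")
            break
        pos += 2 + length
    return {"bssid": bssid, "ssid": ssid, "ess": bool(cap & 0x0001),
            "ibss": bool(cap & 0x0002), "privacy": bool(cap & 0x0010)}

def classify(frame):
    """Label a frame: ad hoc (IBSS) network, unlisted AP, or sanctioned AP."""
    beacon = parse_beacon(frame)
    if beacon is None:
        return "not-a-beacon"
    if beacon["ibss"] and not beacon["ess"]:
        return "adhoc"
    if beacon["bssid"] not in AUTHORIZED_BSSIDS:
        return "unauthorized-ap"
    return "authorized-ap"

def build_beacon(bssid, ssid, cap):
    """Build a constructed sample beacon so the example runs offline."""
    addr = bytes.fromhex(bssid.replace(":", ""))
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + addr + addr + b"\x00\x00"
    fixed = b"\x00" * 8 + struct.pack("<HH", 100, cap)
    name = ssid.encode()
    return header + fixed + bytes([0, len(name)]) + name

if __name__ == "__main__":
    for args in [("00:11:22:33:44:55", "corp", 0x0011),
                 ("02:aa:bb:cc:dd:ee", "FreeHotspot", 0x0001),
                 ("02:12:34:56:78:9a", "p2p", 0x0002)]:
        print(args[1], "->", classify(build_beacon(*args)))
```

An `unauthorized-ap` result only means the BSSID is not on the allow-list; deciding whether that AP is actually bridged to the corporate network needs correlation with wired-side data.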

Fake WiFi stealing data from smartphones: Security experts discovered that using a smartphone’s WiFi capability to access an open or public network can lead to a vulnerability if the user doesn’t tell the phone to forget the network. Users who don’t follow this advice are in danger of getting trapped into a fake WiFi network by someone with malicious intent. Once trapped, users can end up leaking passwords and other private data, and might be at risk of malware and worms.

Hole196 uncovered for WPA/WPA2 WiFi networks: The name Hole196 was used for the vulnerability that was uncovered at security conferences in Las Vegas in July by AirTight Networks. The vulnerability was mainly targeted at WPA2 (using AES encryption) WiFi networks configured with the 802.1x authentication mechanism. Before Hole196 showed up, such networks were considered some of the most secure WiFi deployments around. With Hole196, these networks can be subjected to a fatal insider attack, where an insider can bypass the WPA2 private key encryption and 802.1x authentication to scan devices for vulnerabilities, install malware and steal personal or confidential corporate information. Although specially targeted at WPA (AES)/802.1x networks, the vulnerability also applies to WPA/WPA2-PSK networks.

The folks that found Hole196 say exploiting the vulnerability is simple and the attack isn’t detected by traditional wire-side IDS/IPS systems. Being an insider attack, the importance of Hole196 was downplayed by some experts, but reports point out that, with the rise of insider attacks, Hole196 is now considered important. Security experts strongly advocate the use of a comprehensive WIPS solution.

Firesheep turns laymen into WiFi hackers: Firesheep, the Firefox extension developed by Eric Butler, was released for public use in late 2010. Since then it has gained tremendous attention because it has almost automated the task of hacking over insecure WiFi networks such as hotspots. With Firesheep and a compatible WiFi client card, a malicious user just needs a single click to see the details of various people in his/her vicinity who are visiting their respective accounts on websites (using unencrypted after-login sessions), such as Facebook, Twitter, Amazon, etc.

Another click and the malicious user can log into these sites, meaning even laymen can become hackers. Security experts remind people to exercise extra precaution while enjoying unsecured WiFi connections. The world is hoping Firesheep’s popularity will motivate the popular social network websites to take further steps to protect user security.

Smartphone as WiFi attacker: The year 2010 witnessed the release of many new high-end smartphones, but these devices are now being seen as active threats. While attackers previously needed to carry a notebook to eavesdrop on WiFi links or launch sophisticated WiFi attacks, they can now perform these tasks using a high-end smartphone.

Reviewing the list of WiFi security issues that came up in 2010, it can be expected that 2011 will witness more of the same. With new WiFi attack vectors emerging, corporations will realize they need additional layers of security that can provide active protection.

About the author: Ajay Kumar Gupta is presently working with an enterprise dealing in WiFi security products. He has been in the field of wireless security for more than five years and is a frequent contributor to leading security magazines and blogs. He holds a master's of technology degree from IIT Bombay in India.


Ajay Kumar Gupta

Network World