The new security paradigm – the challenges of mobile security over public WiFi
Understanding what is really at stake when straying from the safety of secured networks
As more and more employees embrace mobile working, businesses are being exposed to new and evolving risks. From checking emails to accessing company data, on-the-go connectivity via mobile devices can provide a huge productivity boost – but, of course, it requires internet access and this increasingly means public Wi-Fi.
Unfortunately for IT teams, the statistics show that many of us opt for convenience over security when it comes to connecting to the web. From free Wi-Fi in coffee shops to airport internet connections and even hotspots dotted around the city, your employees are highly likely to connect to free and unsecured public networks if it means getting work done efficiently and avoiding paying mobile data costs.
What Are The Risks?
For the less security-savvy members of your team, connecting to free Wi-Fi while firing off a few emails in the coffee shop might not seem like a big deal. But as IT professionals know, unsecured networks can carry enormous risks – not just for the person connecting but for their entire business.
The threat revolves around what are known as ‘man-in-the-middle (MitM) attacks’, which typically involve hackers using something called a “pineapple” device. These devices can be purchased for as little as 100 Euros on Amazon and are easy enough to set up if you’re remotely IT savvy. The Pineapple acts as a hotspot “honeypot” to get unsuspecting users to connect to the device. The Pineapple picks up on the SSID details that your phone broadcasts when trying to connect to Wi-Fi. Using a network SSID that your phone recognizes, it exploits the auto-connect feature to trick devices into connecting. Often the Pineapple is connected to the true Wi-Fi network so that you still get an internet connection and remain unaware.
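A device-side check for the behaviour described above, as an added example that is not part of the original article: it compares Wi-Fi scan results with the device's saved network profiles and flags an access point that advertises a remembered protected network without encryption, or that answers for several remembered SSIDs at once. The profile store, the scan record layout and every SSID and BSSID value are constructed assumptions.

```python
from collections import defaultdict

# Networks the device has saved, with the security type it originally joined with.
# Constructed sample values.
SAVED_PROFILES = {
    "CorpNet": "WPA2-Enterprise",
    "HomeWiFi": "WPA2-PSK",
    "CoffeeShop_Free": "Open",
}

# Constructed scan results: one entry per access point advertisement seen.
SCAN = [
    {"ssid": "CorpNet", "bssid": "02:00:00:aa:bb:01", "security": "Open"},
    {"ssid": "HomeWiFi", "bssid": "02:00:00:aa:bb:01", "security": "Open"},
    {"ssid": "CoffeeShop_Free", "bssid": "02:00:00:aa:bb:01", "security": "Open"},
    {"ssid": "CoffeeShop_Free", "bssid": "02:00:00:cc:dd:10", "security": "Open"},
    {"ssid": "AirportGuest", "bssid": "02:00:00:ee:ff:20", "security": "Open"},
]


def find_suspicious_hotspots(scan, saved_profiles, max_saved_per_bssid=1):
    """Return {bssid: [reasons]} for access points that should not be auto-joined."""
    findings = defaultdict(list)
    saved_by_bssid = defaultdict(set)

    for ap in scan:
        expected = saved_profiles.get(ap["ssid"])
        if expected is None:
            continue  # not a remembered network, so auto-connect is not in play
        saved_by_bssid[ap["bssid"]].add(ap["ssid"])
        # A remembered protected network reappearing without encryption is a downgrade.
        if expected != "Open" and ap["security"] == "Open":
            findings[ap["bssid"]].append(
                f"{ap['ssid']}: saved as {expected}, now advertised as Open")

    # Heuristic: one radio answering for several remembered SSIDs is unusual.
    for bssid, ssids in saved_by_bssid.items():
        if len(ssids) > max_saved_per_bssid:
            findings[bssid].append(
                "answers for multiple saved SSIDs: " + ", ".join(sorted(ssids)))
    return dict(findings)


if __name__ == "__main__":
    for bssid, reasons in find_suspicious_hotspots(SCAN, SAVED_PROFILES).items():
        print(bssid, "->", reasons)
```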
This exposes unsuspecting Wi-Fi users to a number of potential threats. Sniffing or Eavesdropping involves inspecting unencrypted traffic over the network and is used to harvest credentials when a user logs on to an application. Packet injection involves the hacker injecting or inserting malicious packets into the data communication stream, disguising them as part of the communication. Even if a hacker can’t view your password due to strong encryption, Session hijacking can allow them to take over an existing session to an online service. Hackers might use SSL Stripping to intercept packets and alter their https-based address requests to go to the http version of the requested site, effectively bypassing encryption. Finally, hackers might Spoof a website, tricking you into thinking you’re on a legitimate site when it’s really a fake site gathering your credentials.
It’s easy to imagine the damage this can cause, from personal and corporate financial loss through to reputational damage. From a personal perspective, your online shopping or banking details could be exposed. From a corporate perspective, your credentials to access corporate cloud applications could be at risk. With users often replicating passwords across systems, this could also give an attacker a route into other corporate systems.
How To Mitigate The Risks
Although public networks may always carry some risk, avoiding them altogether just isn’t always practical, and even if you ask your employees not to use public Wi-Fi, you can’t guarantee they won’t. Fortunately, there are several ways to guard your business against the risks.
VPNs are an option for many businesses. Most MDM platforms will enable you to configure mobile devices to use a secure VPN “tunnel” either at a device-wide level for all data, or for particular applications (per app VPN). A VPN will allow your staff to make use of unsecured Wi-Fi while still being subject to your usual IT security policies – protecting corporate data against any third parties trying to eavesdrop. If your business relies on cloud-based software or staff having remote access to files on your servers, a well-configured VPN can provide additional security and resistance to MitM attacks.
Mobile Threat Defence (MTD) solutions are another good option. Many of these have the capability to detect malicious Wi-Fi networks and activities like SSL stripping and SSL bumping and provide a warning to users. When a user connects to a Wi-Fi network, an MTD app validates the integrity of SSL connections to detect compromises and checks the security of a connection to detect if someone is using a MitM attack to break the connection.
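Two connection checks of the kind described above, as an added example that is not part of the original article and not how any particular MTD product works: one tests whether a plain-HTTP probe of an HTTPS-only host is upgraded to HTTPS (an SSL stripping indicator when it is not), the other compares the presented certificate with a pinned fingerprint (an SSL bumping indicator on mismatch). The host name, pin, function names and raw responses are constructed assumptions.

```python
import hashlib
from urllib.parse import urlparse

# Constructed sample data: the host name, certificate bytes and pin are made up.
EXPECTED_CERT = b"constructed-der-bytes-for-portal.example"
PINS = {"portal.example": hashlib.sha256(EXPECTED_CERT).hexdigest()}
REDIRECTS = (301, 302, 307, 308)


def parse_http_response(raw):
    """Split a raw HTTP/1.1 response head into (status_code, headers dict)."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(head[0].split(" ", 2)[1])
    headers = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def check_stripping(host, raw_http_response):
    """A plain-HTTP probe of an HTTPS-only host must redirect to https://host/..."""
    status, headers = parse_http_response(raw_http_response)
    target = urlparse(headers.get("location", ""))
    if status in REDIRECTS and target.scheme == "https" and target.hostname == host:
        return "ok"
    if status in REDIRECTS:
        return f"suspicious: redirect to {target.geturl() or 'nowhere'}"
    return f"suspicious: HTTP {status} served in clear text, no HTTPS upgrade"


def check_bumping(host, presented_cert_der):
    """Compare the certificate presented on this network with the pinned one."""
    seen = hashlib.sha256(presented_cert_der).hexdigest()
    return "ok" if seen == PINS.get(host) else "suspicious: certificate pin mismatch"


# Constructed responses: a normal HTTPS upgrade, and a page relayed in clear text.
CLEAN = ("HTTP/1.1 301 Moved Permanently\r\n"
         "Location: https://portal.example/login\r\n\r\n")
STRIPPED = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
            "<form action='http://portal.example/login'>")

if __name__ == "__main__":
    print(check_stripping("portal.example", CLEAN))
    print(check_stripping("portal.example", STRIPPED))
    print(check_bumping("portal.example", EXPECTED_CERT))
    print(check_bumping("portal.example", b"constructed-bytes-from-interceptor"))
```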
Access controls that demand a certain level of network security, and in particular location controls that set your business premises as trusted locations, can be great ways of blocking your staff from using unsecured public networks for business purposes.
As always, user education is key. Providing your employees with access to basic mobile security training can dramatically reduce risky behaviour. We’ve listed 4 simple pieces of advice below that you can and should share with your employees to
As more businesses store their data in the cloud, more employees work remotely and the expectation of employees to be “always on” grows, reliance on Wi-Fi (no matter where the network is or who it belongs to) will also continue to grow, along with the potential risks this introduces. Make sure your organisation is prepared and protected.
For more on this, be sure to check out our piece on unlocking the D.N.A of your mobile security.