Wireless Vulnerabilities in the Wild: View From the Trenches
Deepak Gupta, AirTight Networks
Acknowledgement: Based on work presented by K N Gopinath at RSA 2011
Agenda
Why care about Wireless Vulnerabilities? (Motivation)
What's new in this talk and what are its implications?
Wireless Vulnerability Analysis (Measurements)
Are today’s enterprises secure enough to prevent the recurrence of such attacks?
How many of these are actually connected to my network?
Not all APs are WPA/WPA2.
[Chart: WPA/WPA2 APs (%)]
War Driving Insufficient for Enterprise Threat Classification
187,868 (count shown on the slide)
Enterprises Deal With a Lot of Non-Enterprise Devices
70% of APs do NOT belong to the studied organizations!
Similarly, about 87% of clients are unmanaged/external!
Connections to neighbors,
[Chart: presence of an instance of a threat (%), relating the window of opportunity for an attacker to the likelihood of presence of a threat instance]
How does this information help you?
Get an idea of Wi-Fi threat scenario in enterprises that may be like yours
Which wireless threats should you worry about first?
Plan your enterprise mitigation strategy
163 different consumer-grade OUIs seen
About 1 in 10 Rogue APs have Default SSIDs
About Half of Rogue APs Wide Open
An open Rogue AP is Virtually THIS!
Clients (both smartphones and laptops) probe for these SSIDs.
Some (8%) authorized clients probe for 5 or more SSIDs.
15% of these are default SSIDs. 26,443 (7%) clients in ad hoc mode.
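The rogue-AP and client-probing statistics above come from a WIPS sensor that can tell which unmanaged APs are actually wired into the organization (the point of the "war driving insufficient" slide) and which managed clients advertise SSIDs they will join. The script below is an added example, not code from the AirTight/RSA 2011 talk: it classifies scan records as authorized, rogue (unmanaged but on the wire) or external (a neighbour), and computes the same kinds of percentages the slides report for both APs and clients. The inventory lists, the default-SSID and consumer-OUI lists and every sample record are constructed assumptions.

```python
# Added example, not code from the AirTight/RSA 2011 talk. Classifies Wi-Fi
# scan records the way a WIPS sensor must (war driving alone cannot tell a
# rogue from a neighbour) and computes the kinds of percentages the slides
# report. Inventory lists, default-SSID and consumer-OUI lists and all sample
# records are constructed assumptions.
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Hypothetical inventory of managed APs and clients (assumption).
AUTHORIZED_BSSIDS = {"00:1a:1e:aa:bb:01", "00:1a:1e:aa:bb:02"}
AUTHORIZED_CLIENTS = {"f0:de:f1:11:11:11", "f0:de:f1:22:22:22", "f0:de:f1:33:33:33"}
# Factory SSIDs often left unchanged on consumer gear (illustrative, lowercase).
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}
# Consumer-grade vendor OUIs, first three bytes of the BSSID (illustrative).
CONSUMER_OUIS = {"00:1c:10", "00:24:b2", "00:1b:11"}


@dataclass
class AP:
    bssid: str
    ssid: str
    security: str   # "open", "wep", "wpa" or "wpa2"
    on_wire: bool   # sensor correlated this AP's traffic with the corporate LAN


@dataclass
class Client:
    mac: str
    probed_ssids: Set[str] = field(default_factory=set)  # SSIDs seen in probe requests
    adhoc: bool = False                                   # seen in IBSS (ad hoc) mode


def oui(mac: str) -> str:
    return mac.lower()[:8]


def classify_ap(ap: AP) -> str:
    """authorized: in inventory; rogue: unmanaged AND on our wire (an intrusion
    path); external: a neighbour's AP, noise to a war driver but not our rogue."""
    if ap.bssid.lower() in AUTHORIZED_BSSIDS:
        return "authorized"
    if ap.on_wire:
        return "rogue"
    return "external"


def classify_client(c: Client) -> str:
    return "authorized" if c.mac.lower() in AUTHORIZED_CLIENTS else "external"


def pct(part: int, whole: int) -> float:
    return round(100.0 * part / whole, 1) if whole else 0.0


def summarize(aps: List[AP], clients: List[Client]) -> Dict[str, object]:
    ap_class = {ap.bssid: classify_ap(ap) for ap in aps}
    rogues = [ap for ap in aps if ap_class[ap.bssid] == "rogue"]
    auth_clients = [c for c in clients if classify_client(c) == "authorized"]
    return {
        "pct_wpa_or_wpa2": pct(sum(ap.security in ("wpa", "wpa2") for ap in aps), len(aps)),
        "pct_external_aps": pct(sum(v == "external" for v in ap_class.values()), len(aps)),
        "rogue_aps": [ap.bssid for ap in rogues],
        "pct_rogue_default_ssid": pct(sum(ap.ssid.lower() in DEFAULT_SSIDS for ap in rogues), len(rogues)),
        "pct_rogue_open": pct(sum(ap.security == "open" for ap in rogues), len(rogues)),
        "consumer_ouis_seen": len({oui(ap.bssid) for ap in aps} & CONSUMER_OUIS),
        "pct_external_clients": pct(len(clients) - len(auth_clients), len(clients)),
        # Extrusion candidates: managed clients that will join a honeypot AP
        # carrying one of the SSIDs they probe for.
        "auth_clients_probing_5plus": [c.mac for c in auth_clients if len(c.probed_ssids) >= 5],
        "auth_clients_probing_default": [c.mac for c in auth_clients
                                        if {s.lower() for s in c.probed_ssids} & DEFAULT_SSIDS],
        "adhoc_clients": sum(c.adhoc for c in clients),
    }


# Constructed sample scan: 10 APs and 8 clients seen by one sensor.
SAMPLE_APS = [
    AP("00:1a:1e:aa:bb:01", "CorpNet", "wpa2", True),
    AP("00:1a:1e:aa:bb:02", "CorpNet", "wpa2", True),
    AP("00:1c:10:12:34:56", "linksys", "open", True),     # employee's home router on the LAN
    AP("00:24:b2:ab:cd:ef", "Lab-Test", "wpa", True),     # unmanaged lab AP on the LAN
    AP("00:1b:11:00:00:01", "NETGEAR", "open", False),
    AP("00:1b:11:00:00:02", "CoffeeShop", "open", False),
    AP("00:26:5a:00:00:03", "Neighbor-5G", "wpa2", False),
    AP("00:26:5a:00:00:04", "dlink", "wep", False),
    AP("00:1c:10:00:00:05", "HomeNet", "wpa2", False),
    AP("00:1c:10:00:00:06", "xfinitywifi", "open", False),
]
SAMPLE_CLIENTS = [
    Client("f0:de:f1:11:11:11", {"CorpNet"}),
    Client("f0:de:f1:22:22:22", {"CorpNet", "linksys", "HomeNet", "attwifi", "xfinitywifi"}),
    Client("f0:de:f1:33:33:33", {"CorpNet", "CoffeeShop"}, adhoc=True),
    Client("a4:c3:f0:00:00:01", {"NETGEAR"}),
    Client("a4:c3:f0:00:00:02", {"CoffeeShop"}),
    Client("a4:c3:f0:00:00:03", set(), adhoc=True),
    Client("a4:c3:f0:00:00:04", {"HomeNet"}),
    Client("a4:c3:f0:00:00:05", {"xfinitywifi", "attwifi"}),
]

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_APS, SAMPLE_CLIENTS).items():
        print(f"{key:30} {value}")
```

The `on_wire` flag is the piece a war-driving scan never has: without it every unmanaged AP looks the same, which is why 70% external APs would otherwise drown the two real rogues in this sample. Real sensors derive it by correlating the AP's wireless traffic with MAC addresses seen on the wired side.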
Smartphone as an Attacker
App1: Mobile Hotspot
App2: SSLStrip Attack Tool
VIDEO DEMO: Smartphone MITM Attack
Some AP-based threats are active for a day or more!
[Histogram: % of threat instances with a given threat duration, showing that AP-based threats live longer]
Data from SMB/Retail (PCI) Segment
Large Enterprise Segment: Threats Per Month Per Sensor (each sensor covers approx. 10,000 sq feet)
The bigger your organization, the higher the likelihood of finding threats.
But WPA2 on your own APs does not protect against threats from unmanaged devices.
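The duration histogram and the per-sensor monthly rate above are both derived from a sensor's threat event log. The script below is an added example, not code from the talk: it buckets each threat instance by how long it stayed active (the attacker's window of opportunity), splits the histogram into AP-based intrusions and client-based extrusions, normalizes raw counts to threats per sensor per 30-day month so sites with different observation windows can be compared, and pulls out the AP threats that lived a day or more. The threat-type names, the event record format and the sample events are constructed assumptions.

```python
# Added example, not from the AirTight/RSA 2011 talk: bucket WIPS threat
# durations and normalise threat counts per sensor per month from an event log.
# Threat-type names, the record format and the sample events are assumptions.
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List

AP_THREATS = {"rogue_ap", "misconfigured_ap", "honeypot_ap"}   # intrusions (assumed names)
CLIENT_THREATS = {"misassociation", "adhoc", "bridging"}       # extrusions (assumed names)
BUCKETS = ("<1h", "1h-1d", ">=1d")


@dataclass
class ThreatEvent:
    sensor: str
    kind: str
    start: datetime   # first time the sensor observed the threat
    end: datetime     # last observation (or remediation time)

    def hours(self) -> float:
        return (self.end - self.start).total_seconds() / 3600.0


def duration_bucket(hours: float) -> str:
    if hours < 1.0:
        return BUCKETS[0]
    if hours < 24.0:
        return BUCKETS[1]
    return BUCKETS[2]


def duration_histogram(events: List[ThreatEvent]) -> Dict[str, Dict[str, float]]:
    """Percent of threat instances per duration bucket, split into AP-based and client-based."""
    out: Dict[str, Dict[str, float]] = {}
    for family, kinds in (("ap", AP_THREATS), ("client", CLIENT_THREATS)):
        subset = [e for e in events if e.kind in kinds]
        counts = Counter(duration_bucket(e.hours()) for e in subset)
        out[family] = {b: (round(100.0 * counts[b] / len(subset), 1) if subset else 0.0)
                       for b in BUCKETS}
    return out


def threats_per_sensor_month(events: List[ThreatEvent], period_days: int) -> Dict[str, float]:
    """Normalise raw counts to a 30-day month so sensors with different observation windows compare."""
    scale = 30.0 / period_days
    return {s: round(n * scale, 2) for s, n in Counter(e.sensor for e in events).items()}


def long_lived_ap_threats(events: List[ThreatEvent], min_hours: float = 24.0) -> List[ThreatEvent]:
    """AP-based threats active for a day or more: the widest window of opportunity."""
    return [e for e in events if e.kind in AP_THREATS and e.hours() >= min_hours]


def ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


# Constructed sample: one month (31 days) of events from three sensors.
SAMPLE_EVENTS = [
    ThreatEvent("S1", "rogue_ap", ts("2011-03-01 09:00"), ts("2011-03-02 11:00")),
    ThreatEvent("S1", "misassociation", ts("2011-03-01 10:00"), ts("2011-03-01 10:20")),
    ThreatEvent("S1", "adhoc", ts("2011-03-03 08:00"), ts("2011-03-03 12:00")),
    ThreatEvent("S2", "rogue_ap", ts("2011-03-05 09:00"), ts("2011-03-05 09:30")),
    ThreatEvent("S2", "honeypot_ap", ts("2011-03-06 09:00"), ts("2011-03-06 18:00")),
    ThreatEvent("S2", "misassociation", ts("2011-03-07 09:00"), ts("2011-03-07 09:05")),
    ThreatEvent("S3", "misconfigured_ap", ts("2011-03-08 09:00"), ts("2011-03-10 09:00")),
]

if __name__ == "__main__":
    print(duration_histogram(SAMPLE_EVENTS))
    print(threats_per_sensor_month(SAMPLE_EVENTS, period_days=31))
    print([(e.sensor, e.kind, e.hours()) for e in long_lived_ap_threats(SAMPLE_EVENTS)])
```

Client-side threats in this sample are short because a misassociation ends when the laptop moves; a rogue AP stays plugged in until someone finds it, which is why the AP histogram weights toward the longest bucket and why the per-sensor rate, not the raw count, is the number to compare across sites of different size.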
Intrusions (AP Based Threats)
Extrusions (Client Based Threats)
Go Wi-Fi, but the safe way!
Prominent threats are:
You need the ability to monitor the entire organization, not just one or two.
Similar pattern with respect to prominent threats
Some differences with respect to other threats
Increased ad hoc connections in the PCI segment