Think Wi-Fi has become more secure in the past few decades? Recent news proves it’s time to think again.
It’s been nearly two decades since mobile Wi-Fi snooping, known as “wardriving,” became popular. This practice, where individuals drive around in cars with Wi-Fi “sniffers,” looking for open or easily hackable Wi-Fi networks, has been joined by warwalking, warbiking and even warballooning. For many, seeking out and hopping on other Wi-Fi networks was a pastime. For some, it was an attempt to steal Wi-Fi bandwidth—and even sensitive information.
In 2001, around the same time that wardriving went mainstream, a website, WiGLE.net, posted its first Wi-Fi network. The site, which maps Wi-Fi networks around the globe, now lists more than 385 million networks. If a network’s SSID (network name) is being broadcast, it is “visible” to sniffers and other networks—and there’s a good chance WiGLE will map it. That doesn’t mean it’s an open network (not encrypted or password protected), but it does make it easier for hackers that want to break in.
Making matters worse, where WiGLE maps a network, it displays the SSID with a dot that indicates the type of encryption each network uses, with a red dot meaning “none.” Although WiGLE’s stated purpose in doing this is to create awareness of the need for wireless network security, it effectively sends up a flair to hackers that says, “Come get me.”
With sites like WiGLE around—and especially in light of the October 2017 discovery of a serious vulnerability in WPA2 (one of the stronger methods of Wi-Fi encryption), business owners must take Wi-Fi security seriously. At the minimum, that means using ultra secure wireless access points and routers such as Cisco Meraki products. Optimally, it also involves having a managed security program in place, with network and system security actively managed either on-site or by a third-party provider.
As Mathy Vanhoef, the Belgian security expert who discovered the WPA2 flaw noted, “Attackers can use this novel attack technique…to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos and so on.” For networks with more lax security, they can do even more.