Wifi Security

Catch the SonicWave of WiFi

Meet the New SonicWave 200 Series Wireless Access Points

SonicWall has been busy with new product releases in 2019, with the SOHO 250 and TZ350 firewalls and Cloud App Security already making waves in the cyber security market. Speaking of waves, SonicWall’s latest devices expand on its wireless access point offerings, with the SonicWave 200 Series. Three new models make up the new series of SonicWave APs, offering a new option for any type of environment complete with improved uptime, easy deployment, cloud management, and stronger security. The 224W is wall-mountable, the 231C goes on the ceiling, and the 231O is ready for whatever the great outdoors has to throw its way.

These APs feature 802.11ac Wave 2 technology and attain MU-MIMO (multi-user, multi-input, multi-output) support to maximize performance. They’re also simple to deploy thanks to integration with the SonicWiFi App (scan a QR code and they’re ready to use) and simple to manage whether you use SonicWall’s WiFi Cloud Manager or your SonicWall firewall – either way you need not pony up for an expensive, complex wireless access controller.

And SonicWall never forgets security. With Advanced Security Service, your AP will have Content Filtering and Capture Advanced Threat Protection (ATP), a cloud-based secure sandbox. The 231C and 231O also come complete with a dedicated third scanning radio to detect rogue access points.

Charting the SonicWave Waters

To take an even deeper dive into the specs for each SonicWave, paddle over to our handy comparison table:

How Do I Get One?

So now that you’ve seen what each new SonicWave AP has to offer, you’re probably wondering, “How do I get 1…or 4…or 10 (depending on your space and user needs)?” We have you covered! Visit our SonicWave Access Point page to see all the available options to help you get your network up and running – and secure. Plus, you’ll also be eligible for special discounts through SonicWall’s Get More WiFi, Pay Way Less promotion, which can save you up to 25% off MSRP if you buy an 8-pack of APs with Advanced Security Services. But hurry, the promotion is for a limited time only!

SonicWall enhances Wi-Fi, cloud apps and endpoints security for SMBs and distributed enterprises

SonicWall announced new platform offerings and enhancements for small, mid-sized and distributed businesses and enterprises to protect against targeted attacks on wireless networks, cloud apps and endpoints. In addition to a new line of firewalls designed to consolidate security, networking and performance, SonicWall introduced new cloud-managed Wi-Fi access points and wireless planning tools designed to ease the deployment of global wireless networks.

The company also provides real-time protection for cloud applications, including Office 365, G Suite, Box and Dropbox, in addition to equipping organizations with advanced Endpoint Detection and Response (EDR) capabilities.

“Cybercriminals take advantage of unintentional gaps left in the security architecture fabric,” said SonicWall President and CEO Bill Conner. “SonicWall’s core mission is to empower organizations to improve their security posture and better protect against growing vulnerabilities. As our platform evolves, expands and integrates, we continue to deliver proven security solutions to organizations looking to enhance visibility, streamline processes and implement cost efficiencies.”

Seamlessly plan, secure expanding wireless networks

To enhance wireless security and performance for SMBs and distributed enterprises, SonicWall delivers a range of new cloud-based deployment and management solutions.

SonicWall WiFi Cloud Manager and SonicWiFi mobile app simplify wireless access, control and troubleshooting capabilities across networks of any size or region, with single sign-on (SSO) access provided by the cloud-based Capture Security Center to ensure proper security measures are taken.

Provisioning new wireless hardware can often be time-consuming when taking adequate measures to ensure employees receive secure, high-performance wireless connectivity. Pairing SonicWall WiFi Cloud Manager with SonicWall Zero-Touch Deployment and wireless mesh networking allows wireless expansion to be accomplished within minutes.

With Capture Security Center, administrators can also leverage the intuitive, easy-to-use SonicWall WiFi Planner surveying capabilities to design and deploy secure wireless networks that enhance the user experience and ensure workforce productivity.

“Deploying a secure wireless network is no longer an option, it’s a requirement,” said James Crifasi, Vice President and Chief Technology Officer at RedZone Technologies. “SonicWall wireless tools have proved to be lower in cost and reduce the need for complex overlay management systems. We are thrilled at the improvements in security, management, and performance the new series has given us.”

Organizations can pair new SonicWave access points with SonicWall firewalls for high-speed 802.11ac Wave 2 wireless access and deep packet inspection (DPI) of encrypted and unencrypted traffic. These new access points can also be deployed securely without a SonicWall firewall and offer integrated security services, including the Capture Advanced Threat Protection (ATP) sandbox service and SonicWall Content Filtering Service.

New cost-effective firewalls consolidate security, networking, performance

IT managers need a solution that solves their security, connectivity and performance concerns in a small form factor appliance at a price point within their budget.

SonicWall’s new SOHO 250 and TZ350 series firewalls provide a unified security solution at a low total cost of ownership. Designed for small, mid-sized and distributed enterprise organizations with remote locations, the SOHO 250 and TZ350 integrate essential networking features and industry-validated high-security effectiveness to protect data and connected devices, including IoT.

The new firewall range combines high-speed threat prevention and software-defined wide area networking (SD-WAN) technology with an extensive range of networking and wireless features, plus simplified deployment and centralized management capabilities.

SonicWall Secure SD-WAN technology reduces costs by replacing expensive MPLS technology with lower-cost internet access. Deploying SOHO 250 and TZ350 firewalls is greatly simplified with SonicWall Zero-Touch Deployment, a key component of SonicWall’s cloud-based Capture Security Center.

Secure business-critical data in cloud applications

Cloud applications are vital to organizations’ production, sales and communications, and are increasingly the target of attacks. To thwart never-before-seen malware variants, targeted phishing attacks, account takeover due to compromised credentials and data loss, SonicWall Cloud App Security 2.0 provides real-time protection for business-critical SaaS apps, including Microsoft Office 365, G Suite, Box and Dropbox.

“When organizations move to the cloud or SaaS applications, their sensitive data moves into shared infrastructure and the traditional perimeter evaporates,” said Jeff Wilson, Senior Research Director, Cybersecurity Technology at IHS Markit. “Administrators need to have the same complete visibility and access control inside their networks and in the cloud, and they need to be able to control security and enforce strong threat and data loss protection with policies that keep risk and compliance in mind. Organizations should look for a Cloud Access Security Broker (CASB) solution that provides easy deployment, granular control and has zero impact on the user experience.”

To identify and mitigate malicious malware or files stored in SaaS solutions, such as OneDrive and SharePoint, SonicWall Cloud App Security 2.0 integrates with the Capture ATP sandbox service, which includes patent-pending Real-Time Deep Memory Inspection (RTDMI) technology. The new features extend SonicWall real-time automated breach detection and prevention capabilities into sanctioned SaaS environments using API integrations and monitor user-to-cloud and cloud-to-cloud traffic to identify unapproved cloud applications.

Email is the most common threat vector and security controls must be adapted as organizations move to cloud email, such as Exchange Online with Office 365 or Gmail with G Suite. To combat advanced targeted phishing attacks, Cloud App Security 2.0 includes machine-learning anti-phishing capabilities that are trained to catch malicious emails missed by the built-in security controls of cloud email platforms.

Empowering administrators with advanced endpoint detection and response

Designed to increase administrators’ response time, visibility and insight into advanced threats, SonicWall Capture Client 2.0 gives organizations active control of endpoint health with advanced endpoint detection and response (EDR) capabilities.

Administrators have the ability to track threat origins and intended destination, kill and quarantine as necessary and roll back endpoints to a last-known healthy state in the event of an infection.

External USB devices can pose a serious threat to network security, potentially delivering malware, ransomware and viruses to vulnerable endpoints. SonicWall’s new Capture Client feature, Device Control, helps organizations reduce their attack surface by locking out unknown or suspicious devices.

Security policies can easily be created to whitelist clean devices, such as printers and removable storage, and narrow the threat plane. Unlike legacy antivirus solutions, systems no longer have to be taken offline to conduct forensic analysis and/or reimaging when mitigating malware or cleaning endpoints.

Employee behavior can prove challenging when building a sound cybersecurity defense. By using SonicWall Content Filtering Service capabilities, Capture Client blocks access to millions of known malicious domains, IP addresses and botnets to prevent infections caused by employee error or curiosity.

Center for Internet Security warns of Trickbot

TrickBot malware targets users’ financial information and acts as a dropper for other malware. It can be leveraged to steal banking information, conduct system and network reconnaissance, harvest credentials and achieve network propagation, according to a security primer released by the Multi-State Information Sharing and Analysis Center (MS-ISAC).

“The malware authors are continuously releasing new modules and versions of TrickBot,” The Center for Internet Security said in a whitepaper. “TrickBot is disseminated via malspam campaigns. These campaigns send unsolicited emails that direct users to download malware from malicious websites or trick the user into opening malware through an attachment. TrickBot is also dropped as a secondary payload by other malware, most notably by Emotet.”

The modular banking trojan was recently used to steal credentials for remote computer access, with a newer version targeting passwords for Virtual Network Computing (VNC), PuTTY and Remote Desktop Protocol (RDP).

Detected as TrojanSpy.Win32.TRICKBOT.AZ and Trojan.Win32.MERETAM.ADnew, the new TrickBot was discovered this past January as part of a spam campaign that distributes emails disguised as tax incentive notifications from Deloitte. Attached to the emails is a malicious Microsoft Excel spreadsheet featuring a malicious macro that, upon activation, downloads the malicious payload.

The Center for Internet Security initiative encourages users and admins to use antivirus programs, disable macros and practice overall good cyber hygiene.

Getting Control of Security Controls

The effective deployment of technology depends on a business-level understanding of the organization. Technology on its own solves very few problems. However, when it is part of a comprehensive protection strategy, and truly integrated, operationalized, and measured, then it can deliver positive return on investment. Historically, security controls provide a cautionary example.

Whether you insource, outsource, or have blended security operations, it doesn’t change the critical fact that control management, to be seen positively by business leadership, has to answer the following:

  1. How much protection did we actually achieve?
  2. Is this level reasonable?
  3. Did we get this at a reasonable cost?

Rather than have a comprehensive business plan for all aspects of the security control, from goals and strategy, to design, operational, and business plan, to measurement and reporting, too many organizations think of each control as technology first, a firewall or vulnerability scanner, for example. As a result, management is seen as tactical and not strategic, and that can result in misalignment which leads to a host of other problems.

Having spent time on the vendor side, we are partially guilty of creating this ‘technology first’ dogma because we sold technologies as ‘solutions’. As we learned from repeated cases, customers usually had a challenging time achieving strong value from these technology ‘solutions’.

Seen as a tactical technology first, sometimes even a “check-the-box” initiative, security controls are often in the hands of security managers with technical backgrounds. Therefore, it is not surprising that controls overemphasize technical security resources and tasks to the detriment of classic business management and integration capabilities.

Some controls are under-invested, others over-invested, and some don’t exist at all. Worse still, there is insufficient integration between the controls, which fails to provide a unified ecosystem of protection across the entire environment.

This imbalance dramatically impacts the overall performance of security controls – both in terms of protection results and cost-effectiveness. These realities can expose the organization to greater risk than expected and overall poor investment performance. Furthermore, this reinforces the businesses’ perception that security is a poor place for investment.

To explore this problem a little further, let’s dissect a security control into three dimensions:

  1. Security resources (e.g. people/skills, technology, partners/vendors) – the bulk of investment
  2. The day-to-day operations of ‘doing security’ (leveraging resources to achieve objectives, and integrating into a protection ecosystem)
  3. The background handling of business and political challenges, via management of goals and strategy, design, operational, and business plans, measurement, and reporting

Unfortunately, many organizations have these dimensions wildly out of balance, typically focusing on the security resources and attempting to gain something useful from them via the day-to-day operations. However, the translation into business terminology, and business-related metrics and reporting, is often a challenge and takes a back seat until it’s too late. This is why we so often see the CISO become the ‘fall guy’.

To greatly increase chances of success, these dimensions should be equally balanced, with initial focus on strategy and business case, then calibrating and scaling the program’s people and technology while rolling out and optimizing the day-to-day security operations.

This imbalance is why you often hear that ‘security is a journey and not a destination’. You need to establish a destination, then go on your journey to achieve it. The greater the level of protection, the greater the cost.

Unfortunately, control shortcomings are often exposed as ‘immaturity’ during a proactive assessment, or far worse, the investigation following a breach. It’s not about a level of maturity against one’s peers or a popular security framework; security controls are meant fundamentally to be a conversion of investment into protection.

Understanding the implementation, integration, and at what level those controls can protect the most critical business assets is paramount.

A focus on technology first, or an imbalanced control implementation, doesn’t necessarily lead to greater protection – and certainly not cost-effectively. Rather than defense in depth, as has been a common moniker for two decades now, we see expense in depth and an inability of the business to truly gain confident and cost-effective control of their security risk with their security controls, and control ecosystems.


Google has urged owners of Nest cameras to reset their passwords, following reports of hackers taking over the smart home devices.

In one incident last month, a family in Illinois had their home security system compromised by cyber criminals, who took control of connected Nest cameras to shout racial abuse through the device’s speaker at a couple and their baby.

“As I approached the baby’s room and stood outside, I was shocked to hear a deep manly voice talking to my 7-month-old son,” the victim told local media. “My blood ran cold.”

In a separate incident that same month, a Californian family received an emergency broadcast alert through their Nest surveillance camera that detailed three North Korean intercontinental ballistic missiles headed to the United States.

“It warned that the United States had retaliated against Pyongyang and that people in the affected areas had three hours to evacuate,” the Nest owner told The Mercury News.

“It sounded completely legit, and it was loud and got our attention right off the bat. … It was five minutes of sheer terror and another 30 minutes trying to figure out what was going on.”

Both incidents were the result of the Nest customers using compromised passwords that had been exposed through hacks on other websites, according to the Google-owned company.

In an email to customers this week, Nest Vice President Rishi Chandra blamed other security breaches for the issues, writing that people who used the same login credentials across multiple sites and services could fall victim to similar attacks.

To prevent further incidents, Mr Chandra gave security advice to customers on how to better protect the devices from cyber criminals.

“Even though Nest was not breached, customers may be vulnerable because their email addresses and passwords are freely available on the internet,” he wrote.

“If a website is compromised, it’s possible for someone to gain access to user email addresses and passwords, and from there, gain access to any accounts that use the same login credentials.”

The best way for a customer to avoid having the Nest camera hijacked is to use a strong and unique password, while also enabling two-factor authentication to add an additional layer of security, he wrote.

“While we continue to introduce additional security and safety features, we need your help in keeping your Nest account secure,” he concluded.

“It’s a great responsibility to be welcomed into your home, and we’re committed to keeping you and your Nest devices safe.”

National pen test execution standard would improve network security

A penetration test is only as good as the person conducting it. There are gaps that a national execution standard could fill and ensure networks are equally secure.

As the number of cyber attacks increases, the demand for penetration tests – to determine the strength of a company’s defense – is also going up. People are worried about their companies’ networks and computer systems being hacked and data being stolen. Plus, many regulatory standards such as PCI and HITRUST require these tests to be performed on at least an annual basis.

The demand for these tests is only going to increase as attackers get more sophisticated. And it’s essential these tests catch all possible vulnerabilities.

Benefits and gaps of penetration tests

Penetration tests involve live tests of computer networks, systems, or web applications to find potential vulnerabilities. The tester actually attempts to exploit the vulnerabilities and documents the details of the results to their client. They document how severe the vulnerabilities are and recommend the steps that should be taken in order to resolve them.

The benefit of performing a penetration test is that an organization will know their weak points and where they need to invest in stronger security controls. For example, a pen test can find insecure network setups or configurations, open ports, and insecure routers and switches.

The problem, however, is that results can vary significantly depending on who performs the test. There is no comprehensive national execution standard defined to perform penetration tests. That leaves a lot of room for security vulnerabilities to be missed, which can lead to many organizations not knowing how strong their security controls are.

For example, one cybersecurity firm can test a network and identify 10 vulnerabilities, while another could find only two. This is a concern, and something should be done to address this.

Solution: National pen test execution standard

One way to close the gap on this problem is to create a national penetration test execution standard that cybersecurity testing firms would have to comply with.

This standard would need to go into much more detail than the existing NIST SP 800-115, Technical Guide to Information Security Testing and Assessment, which provides only general guidelines for performing penetration tests. While that guide has good information, it does not go far enough in providing details on exactly what type of activities should be completed during the test and does not provide up-to-date information on an attacker’s behavior and how to perform it during a test.

This new standard would need to include a list of recommended tools and standard targets within the environment that must be tested. It would include application and network-based requirements that must be tested on the internal and external network segments. It should also detail the various types of attacks that systems should be tested against.

The FBI and Department of Homeland Security have some of the most up-to-date information about attack tactics and can help ensure that these are covered in the testing standard.

Once the basics of a penetration test are complete according to the standard, companies can conduct their own, more creative tests, which are essential because many companies use their own customized tools and processes.

For a standard approach to succeed, though, the penetration test standard would have to be updated regularly. Attackers are constantly changing tactics, and those need to be incorporated as they are discovered.

Having this national penetration execution standard that cybersecurity firms follow as part of their process will help businesses appropriately assess their cyber risk so they can focus on investing their resources in areas where they’re needed the most.

Popular D-Link Router Falls for Routine Malware

While every router manufacturer must endure its share of difficulties, D-Link has been having a particularly tough time over the last year or so.

Every few months or so, one (or more) of its widely used routers falls prey to some kind of dangerous exploit, and the latest victim is the D-Link DSL-2750B. This consumer-grade combination router/DSL modem, which was formerly distributed by Verizon to many of its home DSL customers, is currently under attack from a prominent Internet-of-Things botnet known as Satori.

But the really bad news is that the D-Link vulnerability that Satori is exploiting is two years old, and there may not be a fix for it yet.

What you can do

If it’s true that D-Link has not issued a patch for the flaw, there’s unfortunately not much you can do if you own the DSL-2750B. (The router is also a few years old, and not guaranteed to get an update at all.)

Good antivirus programs installed on your PCs, Macs and Android devices will prevent Satori from infecting them with other forms of malware, although that’s not what Satori is really interested in doing. It’s too busy attacking websites, mining cryptocurrencies and generally being an internet nuisance.

You really don’t want your home Wi-Fi router compromised in the first place. It’s the key to your digital kingdom. If an attacker controls your router, he can send you to malicious webpages designed to steal your passwords or empty your bank accounts. It’s better to just call up Verizon and ask for a newer model.

Low hanging fruit

This information all comes from two sources: an analysis of the Satori variant from Beijing-based security firm 360 Netlab, and a study of the malware’s spread from enterprise security provider Radware, located in Mahwah, New Jersey.

To put things very briefly: Satori is a variant of an Internet of Things botnet called Mirai, which made a splash when it attacked thousands of IoT devices and used them to temporarily knock parts of the U.S. East Coast offline in the fall of 2016. The botnet never really went away; some devices patched against it, and some didn’t. But in the meantime, attackers are still experimenting with ways to make it more effective.

Just why Satori is attacking the D-Link DSL-2750B is not a mystery: the device has a well-publicized security hole that was first reported in the winter of 2016. We couldn’t find any patches available online for this flaw, even though the D-Link DSL-2750B was given by Verizon to many of its home DSL customers, some of whom are certainly still using it.

Using different known exploits, Satori is also attacking routers made by a Chinese company called XiongMai and optical-fiber routers used overseas. Radware measured Satori attacking more than 2,500 devices in a 24-hour period. Without going into exquisite detail about how the attack works, the newly infected routers themselves then scan the internet for more devices to infect.

Where the attack originates is anyone’s guess. The plurality of attacks seems somewhat evenly distributed between Brazil, South Korea and Italy. Seventeen other countries also show up in Radware’s analytics, including the United States, the United Kingdom, Russia, France and Spain. In other words: If you have a vulnerable device, Satori doesn’t seem very choosy about where you live.

Huawei Permitted Only For 5G Trials so Far: DoT Secretary

Amid reports of Chinese technology major Huawei being banned in several countries, including the US, on security concerns, Telecom Secretary Aruna Sundararajan on Tuesday said the Indian government has allowed the company only to carry out trials for 5G connectivity as of now. Speaking to reporters here on the sidelines of a workshop on Internet of Things (IoT) and Machine-to-Machine (M2M) technology, Sundararajan clarified that the government would put the necessary safeguards in place before allowing companies to deploy 5G connectivity and access the core networks.

“We have asked…or rather Huawei has applied to us for participating in the trials, that is different from deployment,” she said. The secretary said that the Department of Telecommunications (DoT) would like to utilise the opportunity to understand Huawei’s architecture and to what extent it would comply with the networks in India.

“We will be putting in place necessary safeguards. We will be putting in place all necessary safeguards before allowing any access to the core networks.” Along with the US, Canada and the UK, some other European countries have raised concerns over snooping by the Chinese major. Local equipment manufacturers have also urged the government to stop the procurement of Huawei products for public sector projects.

Last week, Union Communications Minister Manoj Sinha told Rajya Sabha there is no proposal yet to ban the company in the country.


Vulnerabilities Found in Highly Popular Firmware for WiFi Chips

WiFi chip firmware in a variety of devices used mainly for gaming, personal computing, and communication comes with multiple issues. At least some of them could be exploited to run arbitrary code remotely without requiring user interaction.

The security flaws were discovered in Marvell Avastar 88W8897 SoC (Wi-Fi + Bluetooth + NFC), present in Sony PlayStation 4 (and its Pro variant), Microsoft Surface (+Pro) tablet and laptop, Xbox One, Samsung Chromebook and smartphones (Galaxy J1), and Valve SteamLink.

Marvell’s firmware for the module is based on ThreadX, a real-time operating system (RTOS) developed by Express Logic. The source code for the RTOS is available when purchasing a license.

The vendor claims on their website that ThreadX has over 6.2 billion deployments, making it one of the most popular pieces of software behind Wi-Fi chips.

WiFi chip initialization process

A WiFi chip is typically initialized by a driver from the manufacturer that loads the firmware image during the startup routine.

With Marvell’s wireless system-on-chip (SoC), there are certain drivers that work with the Linux kernel it uses: ‘mwifiex’ (source available in the official Linux repository), ‘mlan’ and ‘mlinux,’ whose sources are available in the official steamlink-sdk repo.

Both feature debug capabilities, allowing reading and writing from and to the WiFi module’s memory.

Controlling memory block allocation

One of the vulnerabilities discovered in the firmware is a block pool overflow that could be triggered when the chip is scanning for available networks, a process that starts every five minutes, even if the device is already connected to a WiFi network; knowledge of the WiFi name or the access password is irrelevant.

“That’s why this bug is so cool and provides an opportunity to exploit devices literally with zero-click interaction at any state of wireless connection (even when a device isn’t connected to any network). For example, one can do RCE [remote code execution] in just powered-on Samsung Chromebook,” says Denis Selianin, a researcher at Embedi, a company specializing in the security of embedded devices.

In a report released today by the company, Selianin describes two methods of exploitation, one that works on any ThreadX-based firmware if certain conditions are met, and another typical for Marvell’s implementation of the firmware on its modules; combining the two methods leads to reliable exploitation, the researcher says.

In the generic case, an attacker can overwrite the pointer to the next free block of memory and control the location for allocating the next block.

“By controlling the location of next block allocation, an attacker can place this block to the place where some critical runtime structures or pointers are, thus achieving an attacker’s code execution,” Selianin explains.

Exploiting the bug on Marvell’s Avastar SoC involved reverse engineering wrapper functions for memory management routines. This works if the next block is occupied.

The functions use a metadata header at the beginning of each ThreadX block, with special pointers that are called before freeing a block. This information is sufficient to allow code execution on a wireless SoC.
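The generic case described above can be reproduced in a small model. The following C program is an added example, not code from ThreadX, Marvell or the Embedi report: it assumes a simplified fixed-size block pool whose free blocks keep the next-free pointer in their first bytes (pool_t, pool_alloc_naive and pool_alloc_checked are hypothetical names), and contrasts an allocator that trusts that pointer with one that validates it before use.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK_SIZE 32u
#define NBLOCKS    4u

/* Simplified model (assumption): free blocks are chained through a pointer
 * stored in-band at the start of each free block. */
typedef struct {
    unsigned char storage[BLOCK_SIZE * NBLOCKS];
    unsigned char *free_head;   /* first free block, or NULL */
    int corrupted;              /* set once a bad link is seen */
} pool_t;

static unsigned char *link_get(const unsigned char *blk) {
    unsigned char *next;
    memcpy(&next, blk, sizeof next);
    return next;
}

static void link_set(unsigned char *blk, unsigned char *next) {
    memcpy(blk, &next, sizeof next);
}

void pool_init(pool_t *p) {
    for (unsigned i = 0; i < NBLOCKS; i++) {
        unsigned char *blk = p->storage + i * BLOCK_SIZE;
        link_set(blk, i + 1 < NBLOCKS ? blk + BLOCK_SIZE : NULL);
    }
    p->free_head = p->storage;
    p->corrupted = 0;
}

/* A link is acceptable only if it is NULL or a block boundary inside the pool. */
static int link_ok(const pool_t *p, const unsigned char *q) {
    uintptr_t base = (uintptr_t)p->storage, a = (uintptr_t)q;
    if (q == NULL) return 1;
    if (a < base || a >= base + sizeof p->storage) return 0;
    return (a - base) % BLOCK_SIZE == 0;
}

/* Trusts whatever the in-band pointer says. */
void *pool_alloc_naive(pool_t *p) {
    unsigned char *blk = p->free_head;
    if (blk == NULL) return NULL;
    p->free_head = link_get(blk);
    return blk;
}

/* Validates both the block handed out and the link it carries. */
void *pool_alloc_checked(pool_t *p) {
    unsigned char *blk = p->free_head, *next;
    if (p->corrupted || blk == NULL) return NULL;
    next = link_get(blk);
    if (!link_ok(p, blk) || !link_ok(p, next)) {
        p->corrupted = 1;       /* fail closed: stop allocating from this pool */
        return NULL;
    }
    p->free_head = next;
    return blk;
}

/* Constructed stand-in for the bug class: a copy with no length check writes
 * BLOCK_SIZE bytes plus one pointer, spilling into the adjacent free block's
 * link. The root fix is to bound this copy; the check above is a backstop. */
static void overlong_write(unsigned char *blk, unsigned char *bogus) {
    unsigned char msg[BLOCK_SIZE + sizeof bogus];
    memset(msg, 'A', BLOCK_SIZE);
    memcpy(msg + BLOCK_SIZE, &bogus, sizeof bogus);
    memcpy(blk, msg, sizeof msg);
}

static unsigned char outside[BLOCK_SIZE];  /* harmless address outside the pool */

/* Returns 1 if the naive allocator hands out memory that is not in the pool. */
int demo_naive(void) {
    pool_t p;
    pool_init(&p);
    unsigned char *a = pool_alloc_naive(&p);   /* block 0 */
    overlong_write(a, outside);                /* block 1's link now bogus */
    (void)pool_alloc_naive(&p);                /* block 1; head = outside */
    return pool_alloc_naive(&p) == (void *)outside;
}

/* Returns 1 if the checked allocator refuses and flags the pool. */
int demo_checked(void) {
    pool_t p;
    pool_init(&p);
    unsigned char *a = pool_alloc_checked(&p);
    overlong_write(a, outside);
    void *b = pool_alloc_checked(&p);
    return b == NULL && p.corrupted == 1;
}

int main(void) {
    printf("naive allocator returned foreign address: %d\n", demo_naive());
    printf("checked allocator detected corruption:    %d\n", demo_checked());
    return 0;
}
```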

[Figure: execution of an arbitrary pointer]

Selianin used a custom tool to dump the WLAN chip’s firmware from a Valve Steam Link hardware device (no longer manufactured, but still supported) and checked it for potentially exploitable issues with the afl-unicorn fuzzing tool. He was able to find about four memory corruption issues.

Stack-based buffer overflow

The researcher was able to execute code on the processor of Valve’s gadget by exploiting a security bug in the device’s application processor driver, with the help of a second escalation vulnerability. Leveraging this flaw is similar to the previous exploit.

“The only difference is that an attacker sends data from a controlled Wi-Fi SoC over SDIO bus, not over the network,” Selianin explains, adding that because a driver acts as a bridge between the device and the operating system (OS), it should get data from a device, parse and pass it to the OS.

The code the Marvell Wi-Fi driver uses for these operations should be able to process a large variety of message types composed of information elements (IEs), making for a wide attack surface.

Another vulnerability the researcher found is a stack-based buffer overflow, which is dead-easy to exploit, according to Selianin, because the Linux kernel (‘3.8.13-mrvl’) used by Marvell does not include mitigations against binary exploitation.
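The article does not show the driver code, so the following is an added example, not Marvell's: length-checked parsing of IEs in the standard 802.11 layout (1-byte ID, 1-byte length, payload), where every length is tested against both the remaining input and the fixed-size destination before anything is copied. The SSID extraction, the function and status names, and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IE_SSID      0u   /* 802.11 element ID of the SSID element */
#define SSID_MAX_LEN 32u  /* longest SSID that 802.11 allows */

enum ie_status { IE_OK = 0, IE_NOT_FOUND = -1, IE_TRUNCATED = -2, IE_TOO_LONG = -3 };

/* Constructed samples: a rates IE followed by SSID "cafe"; an SSID element
 * that claims 40 bytes; an SSID element that claims 16 bytes but carries 2. */
const uint8_t sample_ok[]     = { 0x01, 0x02, 0x82, 0x84, 0x00, 0x04, 'c', 'a', 'f', 'e' };
const uint8_t sample_long[42] = { 0x00, 0x28 };
const uint8_t sample_short[]  = { 0x00, 0x10, 'a', 'b' };

/* Walks the IEs in buf and copies the first SSID into out, which holds
 * SSID_MAX_LEN bytes, the way a driver might fill a stack buffer. */
int ie_extract_ssid(const uint8_t *buf, size_t len,
                    uint8_t out[SSID_MAX_LEN], size_t *out_len) {
    size_t off = 0;
    while (off < len) {
        if (len - off < 2) return IE_TRUNCATED;            /* header incomplete */
        uint8_t id = buf[off], ie_len = buf[off + 1];
        off += 2;
        if (ie_len > len - off) return IE_TRUNCATED;       /* payload past input */
        if (id == IE_SSID) {
            if (ie_len > SSID_MAX_LEN) return IE_TOO_LONG; /* would overflow out */
            memcpy(out, buf + off, ie_len);
            *out_len = ie_len;
            return IE_OK;
        }
        off += ie_len;                                     /* skip other elements */
    }
    return IE_NOT_FOUND;
}

int main(void) {
    uint8_t ssid[SSID_MAX_LEN]; size_t n = 0;
    printf("ok=%d long=%d short=%d\n",
           ie_extract_ssid(sample_ok, sizeof sample_ok, ssid, &n),
           ie_extract_ssid(sample_long, sizeof sample_long, ssid, &n),
           ie_extract_ssid(sample_short, sizeof sample_short, ssid, &n));
    return 0;
}
```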

Harvard Business Review: Don’t Use Public WiFi (Without a VPN)

Earlier this year, the Harvard Business Review published a story about the hidden dangers of public WiFi networks and urged everyone to stop using them. They cited a recent study conducted by the Identity Theft Resource Center® (ITRC) in conjunction with Private WiFi which indicated that nearly 80% of people admit to using public WiFi without properly protecting themselves.

The study mentioned above also showed that 76% of respondents believe using a free WiFi connection can lead to identity theft. So why do we keep using public WiFi when so many of us are at least somewhat aware of these risks?

It seems like most of us just can’t help ourselves when it comes to taking advantage of public WiFi. Case in point: at both the Republican and Democratic national conventions in 2016, a private company offered free (but completely unsecure) WiFi. Over 70% of attendees happily logged on.

If we use public WiFi networks on a regular basis (and that includes most of us), we should at least be aware of why it’s so risky.

Why Public WiFi is So Dangerous

Maybe you think the problem is exaggerated, or perhaps you think it only happens to a small number of people. The truth is that each year, over half of the adult population has their personal information exposed to hackers.

The truth is that it’s exceptionally easy for novice hackers to spy on anyone using public WiFi. YouTube has hundreds of thousands of videos on how to do it. They’ve even created out-of-the-box hacking devices where all you have to do is plug in a WiFi Pineapple and begin hacking. Also, hackers will set up networks that look legitimate but are actually Evil Twins, so when you log into them, the hacker can see everything you are doing online.

The Harvard Business Review mentions that there’s a saying in the cybersecurity industry that there are three types of people in the world: those who have been hacked, those who will be hacked, and those who are being hacked but just don’t know it yet.

Which one are you?

How to Protect Yourself

So how can you protect yourself from the dangers of public WiFi and hackers? Should you take the advice of the Harvard Business Review and just stop using public WiFi altogether?

Luckily, with a few simple steps, you can still enjoy public WiFi when you are on the go:

  • Turn off your mobile device’s WiFi connection when not in use: First, stop your smartphone from automatically connecting to public WiFi whenever it’s available, just in case it connects to a dodgy network.
  • Beware of Evil Twins: As we mentioned above, hackers will set up their own hotspots in busy areas, so always ask someone who works at the location for the connection details to make sure you’re connecting to a legitimate network.
  • Paid WiFi doesn’t mean safe WiFi: Just because you paid for WiFi access (such as on a plane or in an airport) doesn’t mean that it’s safe. In fact, nearly all public WiFi is completely open and completely insecure. Most of the security in public WiFi networks is built in to the payment system to safeguard your credit card. Beyond that, there’s no encryption to stop anyone from eavesdropping on your communications.
  • Change your passwords frequently: If you are like most people, you probably use the same password for all of your online accounts. If you are accessing any websites on a public WiFi network which are accessible via a password (such as Gmail, Facebook, LinkedIn, Twitter, etc.), these can easily be stolen out of thin air. So make sure you use complex passwords and change them at least once every six months.
  • Use a VPN: Finally, buy a VPN and use it on all your devices!

Why You Really Need a VPN

If you want to completely protect your data, use a VPN (Virtual Private Network) whenever you connect to a WiFi network on any device. A VPN is software that secures and privatizes data across the Internet by building an “encrypted tunnel.” When you access the Internet, your data passes through this tunnel which protects it from anyone who tries to intercept it.

A VPN like Private WiFi is the best protection you can use if you’re going to use public WiFi on any of your devices.

The Harvard Business Review says that you need to stop using public WiFi. We want to amend that a little bit: stop using public WiFi unless you’re using a VPN like Private WiFi! With Private WiFi, you can have peace of mind knowing that your data is always totally secure.