Wireless (In)Security: 5 WiFi Client (Mis)Uses
My previous post (WiFi Rogue AP: 5 Ways to “Use” it) talked about the (mis)uses of a Rogue AP. This post looks at the other challenge – security issues with WiFi clients. WiFi clients come from different vendors and are available in several flavors. They are embedded in today’s notebooks which often carry sensitive enterprise and personal data. By their very nature, such clients are highly dynamic. I am sure that network administrators managing even moderate sized enterprises can relate to the following two issues. First, the hassle of maintaining an accurate list of enterprise WiFi clients and second, controlling the WiFi profile of a client (WiFi profile of a client determines its mode of operation, wireless networks it will try to connect to and its security settings). Although controller based wireless LAN (WLAN) infrastructure can mitigate the first issue, it may not be of much help in controlling the WiFi profile of enterprise clients. Hence, every enterprise can potentially have such “mis-configured” WiFi clients. They can be exploited by an attacker in the following 5 ways.
Continue reading...