Hotspots for HackersBy CWNP On 08/30/2007 - 4 Comments
With the introduction of Apple's iPhone (and all of those other converged cellular/Wi-Fi phones), use of public WLAN hotspots is about to massively increase. Making wVoIP phone calls, instant messaging, browsing, email, and connecting to the corporate office over VPN are just a few things that users will be doing en mass shortly. Certainly hotspots are already a pretty big deal - including those hotspots that aren't really meant to be hotspots - for staying connected. But with the oh-so-sought-after Apple iPhone, all of those skype phones from SOHO vendors, Internet tablets like Nokia's N800, and now all of these new converged phones recently showing up in the market, hotspots are going to be busy busy. Busy hotspots mean busy hackers. It'll be tough for those guys though...you know, deciding between hacking your Wi-Fi phone, tablet PC, or laptop over your bluetooth connection, Wi-Fi connection, infrared port, or any number of other wireless interfaces.
If you work in the Wi-Fi industry, you may already know that public hotspots are a security paradox. You want them to be secure, but on the other hand you want unfettered access. What's a hotspot operator to do? There are a number of things that come to mind.
1) Use an access point or WLAN controller (with lightweight APs) that have the ability to restrict connectivity between wireless guests.
2) Use HTTPS login pages if guest logins are required.
3) On the splash page (the login page), make sure to highlight that use of a public hotspot is unsecure.
a) Suggest use of secure applications (e.g. FTP/SSH2 or FTP/SSL, POP3/SSL, SSH2, HTTPS, etc.) or strong VPN technology (IPSec, SSH2, SSL).
b) Suggest use of a personal firewall. Offer a free download of personal firewall freeware for immediate installation.
c) Note that hotspot users should only make wVoIP phone calls when the wVoIP application is secure, they're connected over a VPN, or they're using a Layer-2 security method such as 802.1X/EAP or WPA/WPA2-PSK.
d) Note that hotspot users should consider disabling wireless interfaces not currently in use.
4) Restrict outbound TCP port 25 (to prevent the bulk of drive-by spammers)
5) Offer 802.1X/EAP, PSK, or VPN service when feasible. It's possible that this will not fit with the operator's business model, so it will depend on the situation.
6) Limit Internet bandwidth per user to something reasonable.
7) Implement a WIPS for large hotspot deployments (such as in corporate environments for guest users) to protect hotspot users from specific attacks.
WVE.org has nearly as many bluetooth attacks as it does Wi-Fi attacks. We live in a wireless data world, and both the hotspot operator and hotspot user will have to take precautions to keep users safe.