CDM-CYBER-DEFENSE-eMAGAZINE-March-2019
eavesdropping on unicast and multicast management frames and the replacement of WPA2's 4-way handshake and Pre-Shared Key (PSK) system with Simultaneous Authentication of Equals (SAE). This essentially eliminates offline dictionary attacks. These security enhancements will help eliminate the various tricks and tools attackers have been using for years to intercept WPA2's 4-way handshake packets and upload them to the many free services that advertise "recovering your Wi-Fi password".
Open Wi-Fi networks supporting WPA3 also have improvements intended to prevent eavesdropping. Referred to by the Wi-Fi Alliance as "WPA3 Enhanced Open," Wi-Fi networks that don't require passwords will utilize Opportunistic Wireless Encryption (OWE), where each device will receive its own key. This will prevent others on the same open network from sniffing packets out of the air.
But despite these welcome security improvements, at least one of the six Wi-Fi threat categories – Rogue AP, Rogue Client, Evil Twin AP, Neighbor AP, Ad-Hoc Networks, and Misconfigured APs – can still be used to compromise WPA3 networks. Each of these threat types represents a unique method attackers can use to either position themselves as a MitM or eavesdrop on network traffic silently. That's why more and more IT departments are creating Trusted Wireless Environments that are capable of automatically detecting and preventing Wi-Fi threats. Relying on WPA3 alone for Wi-Fi security is a mistake.
Take the Evil Twin AP attack, for example. This threat is very likely to be used against Enhanced Open Wi-Fi networks, since OWE can still take place between a victim client and an attacker's Evil Twin AP that is broadcasting the same SSID, and possibly the same BSSID, as a legitimate AP nearby. Although OWE would keep the session safe from eavesdropping, the victim's Wi-Fi traffic would flow through the Evil Twin AP and into the hands of a MitM, who can intercept credentials, plant malware, and install remote backdoors. One massive issue with WPA3 is that it doesn't account for the fact that users and devices connecting to an SSID still have no way to confidently know that the SSID is being broadcast from a legitimate access point or router. The SSID can still be broadcast, with WPA3 enabled, from a malicious Evil Twin AP, for example.
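As an added illustration (not from the article), the kind of beacon check a Trusted Wireless Environment's sensor can run against an inventory of authorized APs to flag the Evil Twin cases just described: our SSID from a BSSID we do not own, or our BSSID with the security mode stripped. The inventory, BSSIDs and beacon records below are constructed sample values, and the sensor and its fields are hypothetical.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed inventory of the organization's legitimate APs (hypothetical
# BSSIDs, SSIDs and channels; not from the article).
AUTHORIZED_APS: Dict[str, dict] = {
    "00:11:22:33:44:01": {"ssid": "CorpWiFi", "security": "WPA3-SAE", "channel": 36},
    "00:11:22:33:44:02": {"ssid": "CorpGuest", "security": "OWE", "channel": 6},
}

@dataclass
class Beacon:
    """Fields a sensor would parse from one 802.11 beacon frame."""
    bssid: str
    ssid: str
    security: str   # e.g. "WPA3-SAE", "OWE", "Open"
    channel: int

def classify(beacon: Beacon) -> str:
    """Label one observed beacon against the authorized-AP inventory."""
    managed_ssids = {ap["ssid"] for ap in AUTHORIZED_APS.values()}
    known = AUTHORIZED_APS.get(beacon.bssid.lower())
    if known is None:
        # Our SSID advertised by a radio we do not own: the classic Evil Twin.
        return "evil-twin" if beacon.ssid in managed_ssids else "neighbor-ap"
    if beacon.ssid != known["ssid"]:
        return "evil-twin"            # our BSSID reused for a different SSID
    if beacon.security != known["security"]:
        return "evil-twin"            # same SSID/BSSID, weaker security (Open instead of OWE)
    if beacon.channel != known["channel"]:
        return "suspicious-channel"   # same identity on an unexpected channel; investigate
    return "authorized"

def scan_report(beacons: List[Beacon]) -> List[Tuple[str, str, str]]:
    """Return (bssid, ssid, label) per beacon; anything not 'authorized'
    is what a WIPS would alert on or actively block."""
    return [(b.bssid, b.ssid, classify(b)) for b in beacons]

# Constructed sample capture: one legitimate AP, two Evil Twin variants, one neighbor.
SAMPLE_BEACONS = [
    Beacon("00:11:22:33:44:01", "CorpWiFi", "WPA3-SAE", 36),    # legitimate
    Beacon("aa:bb:cc:dd:ee:ff", "CorpGuest", "OWE", 6),         # same SSID, foreign BSSID
    Beacon("00:11:22:33:44:02", "CorpGuest", "Open", 6),        # same BSSID, OWE stripped
    Beacon("de:ad:be:ef:00:01", "CoffeeShop", "WPA2-PSK", 11),  # neighbor, monitor only
]

if __name__ == "__main__":
    for bssid, ssid, label in scan_report(SAMPLE_BEACONS):
        print(f"{bssid}  {ssid:<12} {label}")
```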
Don't get me wrong, the emergence of WPA3 is a solid step forward toward addressing today's significant Wi-Fi security issues. That said, it should be looked at as a complementary security control rather than a cure-all. Any organization operating a Wi-Fi network needs to ensure that it has built a Trusted Wireless Environment that can identify and defend against Wi-Fi threats automatically. This way, the access point deployment itself prevents users and devices from connecting to malicious APs and falling victim to these threats. How much trust can you put into your wireless environment?