Attacks designed to exploit weaknesses in Wi-Fi networks are on the rise, with hackers increasingly targeting vulnerabilities in Wi-Fi infrastructure to gain unauthorized access, intercept sensitive data and launch further attacks.
The main area of concern is the deauthentication attack; a form of denial of service (DoS) attack that takes advantage of a basic flaw in the 802.11 Wi-FI protocol where disconnect commands are not authenticated or verified.
According to Nozomi Networks, 94% of Wi-Fi networks are vulnerable to such attacks, which in many cases are used as a precursor to more complex exploits. These include evil twin attacks, where an attacker creates a rogue access point mimicking the original but with a stronger signal, to trick victims into joining a malicious network.
“This is then used to steal or manipulate traffic, trigger reauthentication for credential capture – the first step of cracking a Wi-Fi password – and enable man-in-the-middle (MITM) attacks,” explains Tope Olufon, senior analyst at Forrester.
Red flags: Signs a Wi-Fi network has been compromised
While there’s no universal rule for spotting an attack on a Wi-Fi network, there are common warning signs for which businesses can look out.
These include clients frequently disconnecting and reconnecting without a clear reason, new unauthorized Wi-Fi networks that look similar to your own, or unusual traffic patterns on the network, such as unexpected spikes or unknown devices communicating.
“The key to catching these issues early is having clear visibility and continuous monitoring of your wireless environment,” advises Alessandro Di Pinto, senior director of Security Research at Nozomi Network.
Is your Wi-Fi network secure enough?
Any business that’s heavily reliant on wireless connectivity is vulnerable to Wi-Fi-based attacks, even those who consider their networks ‘secure.’ This is due to a number of factors, including common misconfiguration or the use of legacy equipment explains
Kevin Curran, a Senior Member of the IEEE and Professor of Cybersecurity at Ulster University.
“Common issues include weak or inconsistent encryption settings, such as using WPA2 instead of WPA3, which provides better protection against attacks. Weak passwords also remain a significant risk.
“Many networks also fail to enable protected management frames (PMFs), leaving them susceptible to deauthentication attacks. Default services set identifiers (SSIDs) and the lack of SSID hiding can make networks easier targets for attackers, while outdated routers and devices may not support the latest security standards, weakening overall security.
“Misconfigured guest networks, which lack proper isolation and access controls, can expose sensitive resources, while poorly managed access control and failure to remove outdated devices or users can provide attackers with easy entry points,” he continues. “Outdated firmware on devices also presents known security risks, and improperly configured VPNs can undermine security by leaking data or providing weak encryption.”
Underreported Wi-Fi vulnerabilities
IT leaders should be aware of the following underreported Wi-Fi vulnerabilities advises Olufon:
- Pairwise master key identifier (PMKID) attacks for fast handoff credential capture.
- Extensible authentication protocol (EAP) downgrades in enterprise set-ups.
- Broadcast probe abuse to track devices or profile networks.
- Evil twin attacks.
Strengthening your Wi-Fi security
In order to protect your business’ Wi-Fi network from deauthentication attacks there are several basic steps you should perform.
The most effective defence is to enable PMFs. Essentially, this encrypts and authenticates management frames – such as deauth and disassoc – preventing spoofing explains Curran. “However, both the access point and client devices must support PMF for full protection.”
Best practice is to implement WPA3, which includes PMF by default, and disable legacy protocols like wired equivalent privacy (WEP) and WPA. WPA3 is the latest Wi-Fi security protocol and introduces features including simultaneous authentication of equals (SAE), which strengthens resilience to offline attacks, and forward secrecy, which ensures past communications remain secure even if session keys are compromised.
It also supports 192-bit encryption for more robust protection and includes enhanced open, which secures open Wi-FI networks using opportunistic wireless encryption (OWE) to prevent eavesdropping and MITM attacks, notes Curran.
These days, using WPA3 is becoming essential, especially in industries where even a short downtime can lead to serious financial losses. Even so, adoption has been slow as many older devices don’t support WPA3, and companies are reluctant to upgrade because of compatibility issues and the related costs says Di Pinto.
In the cases when such an upgrade can’t be done quickly, experts agree that WPA2 should be enabled with PMF.
Another simple step is to increase visibility of your Wi-Fi network by deploying wireless sensors and conducting regular wireless security assessments. Network segmentation is also crucial, as it allows critical operational technology (OT) to be isolated from less trusted guest and enterprise Wi-Fi networks, which helps to contain breaches and prevents attackers from accessing critical resources.
In contrast, MAC address filtering can be bypassed relatively easily with MAC spoofing, so shouldn’t be heavily relied on for security purposes.
“While it can add a layer of security by restricting access to known devices, an attacker can capture a legitimate MAC address through sniffing and then impersonate a device to gain access. It also doesn’t protect against many types of attacks, including deauthentication or MITM attacks, so has less impact in modern networks,” says Curran.
What’s next for Wi-Fi security?
Of course, the tech industry is always evolving. Several new standards and technologies are emerging that will improve business Wi-Fi security by addressing vulnerabilities, enhancing encryption and offering better protection against attacks.
These include Wi-Fi 6E / Wi-Fi 7, which are designed to provide better performance, segmentation and security features. “AI-based anomaly detection continues evolving across all areas including wireless security,” adds Di Pinto.
As with any attack surface, it’s imperative that IT leaders stay actively aware of vulnerabilities and the latest security solutions in order to protect their Wi-Fi network.
“Assume it’s always reachable and scan, monitor, test and harden,” advises Olufon. By doing so you put your organization in a better position to defend against any attacks via this route.
-
Microsoft hits back at Lumma Stealer malwareNews Microsoft and Europol are fighting back against the Lumma Stealer malware
-
Google is getting serious on cloud sovereigntyNews Google has joined Microsoft in bolstering its sovereign cloud services as tensions grow over US influence on big tech providers.
