Wireless Red Teams: Evil Twins, Eavesdropping, and Password Cracking

Wireless Red Teams: Evil Twins, Eavesdropping, and Password Cracking

Many companies operate wireless networks to allow greater flexibility through mobile computing. In many cases IT departments deploy wireless networks but ignore the dangers of wireless connectivity, assuming that limiting access makes them safe from wireless attacks. The problem is that wireless networks are much easier to attack and potentially compromise than their wired counterparts because they are often accessible from public areas. Physical security does not prevent an attacker from attempting to eavesdrop on wireless communications or gain unauthorized access to internal networks. 

 

Just like business, the U.S. Department of the Interior operates hundreds of wireless networks to allow employees greater flexibility through mobile computing. In September 2020, the US Office of the Inspector General released an evaluation of the U.S. Department of the Interior wireless networks and found that the U.S. Department of the Interior wireless network infrastructure was insecure

 

A “wireless red team” utilized easily concealed test units that cost less than $200 to attack the wireless network from publicly accessible locations open to visitors. These simulated attacks went undetected by security guards and IT security staff and were highly successful. The “wireless red team” intercepted and decrypted wireless network traffic in multiple bureaus and in two instances gained access to internal networks. They also obtained the credentials of a bureau IT employee and were able to use that person’s credentials to log into the bureau’s help desk ticketing system and view the list of tickets assigned to the employee. The simulated attacks weren’t new – they were the same as attacks previously used by Russian intelligence agents around the world a few years back, as outlined in a 2018 U.S. Department of Justice indictment. 

 

The three main failures found during the evaluation were:

  1. No regular testing of wireless network security
  2. No complete inventories of wireless networks
  3. Contradictory, outdated, and incomplete guidance regarding Wireless deployment

 

At Orchestra we are addressing all three. HarmonyIoT is a unique control that ensures continuous monitoring of wireless security and inventory, as well as the ability to mitigate wireless attacks. The Harmony platform extends HarmonyIoT to provide centralized automated security policy verification that is continuously monitored.

 

The complete report can be found here: https://www.doioig.gov/sites/doioig.gov/files/FinalAudit_WirelessNetworkSecurity_Public.pdf

One Response

Leave a Reply

Your email address will not be published. Required fields are marked *

Share on facebook
Share on twitter
Share on linkedin
Share on whatsapp