{"id":22743,"date":"2019-06-11T20:41:36","date_gmt":"2019-06-11T09:41:36","guid":{"rendered":"https:\/\/www.kaspersky.com.au\/blog\/vulnerable-wi-fi\/22743\/"},"modified":"2019-11-15T22:24:52","modified_gmt":"2019-11-15T11:24:52","slug":"vulnerable-wi-fi","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.au\/blog\/vulnerable-wi-fi\/22743\/","title":{"rendered":"Wi-Fi in the office \u2014 convenient but risky"},"content":{"rendered":"

Almost every office has a Wi-Fi network today, and sometimes more than one. Who wants to connect laptops with a cable? And forget about smartphones and tablets! However, a wireless network can be a weak point in your IT infrastructure.<\/p>\n

Password mining<\/h2>\n

Not all companies use complex and unique passwords for their wireless networks, and few bother to disable the broadcasting of the network\u2019s name. And not many at all limit the power of the WI-Fi signal to prevent network connections from outside of the office. Thus, usually little prevents a potential attacker from hanging around near the office and trying to get into a corporate network through a Wi-Fi connection.<\/p>\n

Performing a simple dictionary attack<\/a> on the router\u2019s login takes just a few seconds. Hacking complex password combinations takes more time, unless the attacker is in a hurry, it is quite possible. However, that\u2019s not always necessary, because with some routers, an attacker can simply use vulnerabilities in the firmware.<\/p>\n

Firmware vulnerabilities<\/h3>\n

Researchers regularly detect vulnerabilities that can allow malefactors into a network, bypassing your Wi-Fi router\u2019s passwords and other protective mechanisms. In some cases they can get superuser rights on the device. Usually developers are quick to patch those vulnerabilities. The trouble is that many organizations do not install patches in a timely manner, especially when doing so involves reflashing firmware.<\/p>\n

Guest network<\/h2>\n

Many companies use different Wi-Fi networks for employees and guests. This is a reasonable measure: on the one hand, customers and other visitors to the office can connect to the Internet; on the other hand, they will not have access to the corporate network and internal resources. However, guest Wi-Fi can work against you.<\/p>\n

Getting a password for a guest network is easy enough \u2014 that\u2019s the idea. But in some cases \u2014 if the network is improperly configured \u2014 it can let guests reach some elements of the corporate infrastructure.<\/p>\n

Even with the correct network configuration, your employees can unwittingly put themselves in jeopardy. Suppose that one of them wanted to access a network resource blocked by corporate policy. Without thinking twice, he connects a laptop with confidential data to the guest network. Now an attacker lurking in the same guest network can try to perform a man-in-the-middle attack and infect his laptop with malware.<\/p>\n

How to make corporate malware less vulnerable <\/h3>\n

We believe Wi-Fi networks are still worthwhile; they do, however, need security-oriented approaches for both device and corporate-network configuration.<\/p>\n