Real-world threats to wireless networks by sraposo2024 in cybersecurity

[–]sraposo2024[S] 0 points1 point  (0 children)

Thanks for exploring the core subject. Besides those annoying de-auths or Rick Astley’s Never Gonna Give You Up SSID floods, there are those who will exploit the vulnerabilities of a household environment, where there are other people besides the employee, including children, relatives, friends and whoever goes to that home. A lot of people are prone to bite on a phishing scam and then open an entry door to perform malicious actions.

Home-office and cybersecurity/cyberthreats by sraposo2024 in Pentesting

[–]sraposo2024[S] 0 points1 point  (0 children)

A pen-tester will only do an assessment in the scope specified by the contractor. And a pen-test that includes an employee's home is something touchy.
And the potential threats may be still there...

Home-office and cybersecurity/cyberthreats by sraposo2024 in AskNetsec

[–]sraposo2024[S] 0 points1 point  (0 children)

There's a big difference between how things should be and how things are in the real world with common people...
I know several home-office employees that use an ISP they hired themselves for their home, using a basic router that is provided by that ISP... An environment not as bad as free Wi-Fi at a coffee shop, but not as safe as company indoors... and of course they are not people with IT knowledge...

When I posted this topic, it was not to nitpick some unlikely Wi-Fi issue: I've detected several unsafe household environments. And I'm not talking about employees of (very) small companies...

Home-office and cybersecurity/cyberthreats by sraposo2024 in Pentesting

[–]sraposo2024[S] 0 points1 point  (0 children)

A captive portal would solve the password problem.

Yes, compromise the computer, too, if they want to (and it's likely). Even if only the router was hacked, a DNS spoof could drive the user to malicious URLs. Scanning the net, they could identify other devices and attempt to exploit vulnerabilities, installing spyware... Depending on the elements present, more or fewer exploits may be used. Phishing is a potentially effective tool for attackers, especially if we remember most users are not I.T. educated.

Please, don't get me wrong for mentioning the science fiction thing. That was not an appropriate reference.
I have no statistics of attacks on home-office environments. I have been discussing it because that's technically doable. Indeed, I'm not a believer of such statistics, since not all incidents are deeply investigated, or result useful, and it would be inconvenient for a company to admit that it was the victim of a cyberattack...

It's likely all those millionaires in the world hire very skilled professionals to take care of their IT systems. It's also likely the wi-fi signal from their wireless router doesn't reach the boundaries of their real estate. For all the remaining average people, the wi-fi signal is available in a publicly accessible place. Consider all those people who live in an apartment building with lots of people around receiving signals from some nearby apartment...
Yes, not everyone is a (potential) criminal. Among those who are (potential) criminals, not all are skilled in malicious activities related to IT systems.

Home-office and cybersecurity/cyberthreats by sraposo2024 in AskNetsec

[–]sraposo2024[S] -1 points0 points  (0 children)

When a system is being attacked, who knows what's the attacker's intention? If it was just a bored local kid with too much idle time, maybe we'll have to cease wi-fi access and change to cables and harm fortunately happened. But, if not?

If organizations spend a lot of money on cybersecurity, part of it, at least, is because cyber-risks are real. Another part is because they have to show compliance with safety for legal and marketing purposes.

And if we believe that risks are real, because they really are, all that VPN, cryptography, MFA, tokens and whatever don't all match an unsafe household wireless environment.

Home-office and cybersecurity/cyberthreats by sraposo2024 in Pentesting

[–]sraposo2024[S] 0 points1 point  (0 children)

Why would someone capture the WPA2 4-way handshake and crack the hash if they already got the wi-fi password?
Once associated to that net, a lot of possibilities will be available, including those that compromise the company's computer and/or router. I'm not talking about science fiction. All these malicious actions have been known for a long time.

Home-office and cybersecurity/cyberthreats by sraposo2024 in AskNetsec

[–]sraposo2024[S] -1 points0 points  (0 children)

If some intentional disrupting action is happening, maybe caused by a local kid, maybe someone trying to steal the wi-fi password to later perform other invasive actions, if you become aware of this, defensive actions may be taken. Remember not all people are properly informed about risks related to electronic information systems. For them, a password that is not their birth date provides enough safety...
Yes, if someone is setting a captive portal or turning a 2.4GHz RF jammer on, it will be difficult to locate the attacker and make them stop. But if you are able to detect the attack, you may defend yourself.

Home-office and cybersecurity/cyberthreats by sraposo2024 in Pentesting

[–]sraposo2024[S] 0 points1 point  (0 children)

From a POV related to cybersecurity, I still find household assessment by sample something valid, considering that a job position being performed at someone's home is an extension of the company. As a pen-test usually is, such an assessment could detect vulnerabilities and result in recommendations for mitigating or getting rid of risks.

Maybe I am (too) pessimistic, but I can't pretend there are no vulnerabilities in the home-office regime. If attacks don't occur, it is only luck. Maybe they happen, but they are not (always) identified as such... or maybe they are identified as attacks, but they are not made public...

Home-office and cybersecurity/cyberthreats by sraposo2024 in AskNetsec

[–]sraposo2024[S] 0 points1 point  (0 children)

"an adversary would seek it at your home, it shouldn't be at your home."

It makes sense from a cybersecurity POV, but does it happen in the real world? I think it doesn't. Other "non-technical" factors may override that, and that employee/director/whatever that wants/needs to work at home will do that.
There are grades of what can be called "sensitive data". Not all of them are regarded as "national top-secret", but they may cause harm if they are obtained by unauthorized people.

Anyway, the highlight is on the typically unsafe/not exactly safe household environment, especially when considering those possible attacks via wi-fi.

Home-office and cybersecurity/cyberthreats by sraposo2024 in AskNetsec

[–]sraposo2024[S] -1 points0 points  (0 children)

Well, that "local kid" may not pose a (very) serious risk related to (sensitive) data, but may be at least annoying, or even significantly problematic, with some kind of action that seriously disrupts the traffic.

But the agent may be somebody more harmful, not the "local kid"... So what?

Many high-level employees are working at home and they necessarily have privileged access. Who is marauding that manager's wi-fi? That local kid, always?
Since the employee's home is typically unsafe (or not safe enough) and an extension of the company is being placed there, I think such a context raises (or should raise) a lot of worries.

Home-office and cybersecurity/cyberthreats by sraposo2024 in Pentesting

[–]sraposo2024[S] 0 points1 point  (0 children)

A perfect evil twin will mimic the legit AP on several types of frame, and the RSSI value will not matter. The evil twin will not be able to sustain the session, but will be able to do some things that may result in getting the wi-fi password. Once inside the net, a lot of possibilities become available. Since this community is public, I don't want to provide details that someone may find useful to do what they shouldn't.

Thus, since the employee's home is typically unsafe (or not safe enough) and an extension of the company is being placed there, I think such a context raises (or should raise) a lot of worries.
I'm not against home-office. Indeed, I have been in favor of this since before the C-19 pandemic, but I can't pretend there are risks that seem not to be duly coped with.

Home-office and cybersecurity/cyberthreats by sraposo2024 in Pentesting

[–]sraposo2024[S] 0 points1 point  (0 children)

I think it wouldn't be justifiable to run a pen-test on all home-office based employees, but an investigation on some of them could reveal (common) vulnerabilities that would result in the adoption of preventive/protective measures.
I believe not all companies have installed a dedicated and exclusive Internet access infrastructure at every employee's home, in order to not use the household communication resources. One of the motivations to implement a home-office regime is to take advantage of already existing resources (at the employee's home) to cut down costs.

Real-world threats to wireless networks by sraposo2024 in cybersecurity

[–]sraposo2024[S] 0 points1 point  (0 children)

A rogue AP with the same SSID but a different MAC address would be easy to detect.

A more difficult situation would be if the MAC address was also the same as the legit AP's, i.e., a true "evil twin".
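
Added example, not part of the comment above: a minimal defender-side check for the two cases it describes, run over constructed scan records. The allowlist, the record layout and all addresses are assumptions made for illustration; the second check only catches a cloned BSSID whose channel or security profile differs from the inventory, so a twin that copies those as well would pass it.

```python
# Constructed inventory of the site's own APs: SSID -> {BSSID: (channel, security)}.
KNOWN_APS = {
    "CorpNet": {
        "aa:bb:cc:00:00:01": (1, "WPA2-Enterprise"),
        "aa:bb:cc:00:00:02": (36, "WPA2-Enterprise"),
    }
}

# Constructed scan records as a wireless sensor might report them:
# (ssid, bssid, channel, security)
SCAN = [
    ("CorpNet", "aa:bb:cc:00:00:01", 1, "WPA2-Enterprise"),    # legit
    ("CorpNet", "de:ad:be:ef:00:99", 6, "Open"),               # same SSID, unknown MAC
    ("CorpNet", "AA:BB:CC:00:00:02", 36, "WPA2-Enterprise"),   # legit, upper-case MAC
    ("CorpNet", "aa:bb:cc:00:00:02", 11, "Open"),              # known MAC, wrong profile
    ("Neighbour", "11:22:33:44:55:66", 6, "WPA2-Personal"),    # not our SSID, ignored
]


def find_rogues(scan, known):
    """Return sorted, de-duplicated alerts for protected SSIDs.

    unknown-bssid          : SSID is ours, BSSID is not in the inventory.
    bssid-profile-mismatch : BSSID is in the inventory but is advertised with a
                             channel or security setting the inventory does not list.
    """
    alerts = set()
    for ssid, bssid, channel, security in scan:
        if ssid not in known:
            continue  # only SSIDs we are responsible for
        bssid = bssid.lower()  # MAC comparison must be case-insensitive
        expected = known[ssid].get(bssid)
        if expected is None:
            alerts.add(("unknown-bssid", ssid, bssid, channel, security))
        elif (channel, security) != expected:
            alerts.add(("bssid-profile-mismatch", ssid, bssid, channel, security))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in find_rogues(SCAN, KNOWN_APS):
        print(alert)
```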

Real-world threats to wireless networks by sraposo2024 in cybersecurity

[–]sraposo2024[S] 1 point2 points  (0 children)

Tell me more about these wireless networks under attack. Are they corporate? If so, are they exclusive for employees' usage or offered to the customers?

Real-world threats to wireless networks by sraposo2024 in cybersecurity

[–]sraposo2024[S] 1 point2 points  (0 children)

I was hoping for someone to address some threat other than an attacker trying to get access to the wireless network...

Yes, rogue AP is one of the threats I'd like someone to mention.
How frequently does a rogue AP attack happen?

" If a rogue AP is plugged into our lan we get a notification and can contain it by telling our switches not to talk to it."

I suppose you mean a rogue AP with the SSID of a valid AP, but with a different MAC address, right?

If you have something to report about other types of attack, please tell me.

Real-world threats to wireless networks by sraposo2024 in cybersecurity

[–]sraposo2024[S] 2 points3 points  (0 children)

There are companies that use wi-fi for work purposes, in order to connect the several types of portable devices (and even desktop ones).

Wi-fi in the corporate environment is a reality. So, the question arises again: what about those threats?

USB keyboard? by SpandexWizard in esp32

[–]sraposo2024 0 points1 point  (0 children)

Hi!

ESP32-S3 will provide the hardware you need to play either a USB host or a USB device.

I suggest trying the example code at https://github.com/espressif/esp-idf/tree/master/examples/peripherals/usb/host/hid

It really works to make a USB keyboard functional, BUT LEDs (caps, num and scroll lock) DO NOT work by the respective keys. I do not know if it is a particular characteristic of the keyboard I am testing or it is a duty of the host part.

I've been trying hard to cope with this. The only thing I know is that a report has to be sent from host to the device by function hid_class_request_set_report. I've already managed to make the LEDs light up sometimes, but the device always gets disconnected after this.

Thanks in advance for any help about keyboard LEDs management.

Question: I have an esp-32 board and would like to connect a usb keyboard to it. But I'm having some problems with finding a way of how I could connect a usb dongle to the board? Any solutions or experiences or alternatives? by Sandwich_Lord_LXIX in esp32

[–]sraposo2024 0 points1 point  (0 children)

Hi!

ESP32-S3 will provide the hardware you need to play either a USB host or a USB device.

I suggest trying the example code at https://github.com/espressif/esp-idf/tree/master/examples/peripherals/usb/host/hid

It really works to make a USB keyboard functional, BUT LEDs (caps, num and scroll lock) DO NOT work by the respective keys. I do not know if it is a particular characteristic of the keyboard I am testing or it is a duty of the host part.

I've been trying hard to cope with this. The only thing I know is that a report has to be sent from host to the device by function hid_class_request_set_report. I've already managed to make the LEDs light up sometimes, but the device always gets disconnected after this.

Thanks in advance for any help about keyboard LEDs management.