Hacking Home WLANs
It's a great idea to have employees working from home via wireless connections. Unless, of course, hackers break into those employees' wireless LANs -- and potentially compromise your entire enterprise network.
Researchers say it's way too easy to break into most home WLANs because most users typically leave their wireless routers configured with the default SSID, administrative password, and unencrypted settings. That makes the home WLAN a welcome mat into the user's corporate network.
"It's scary how vulnerable these networks are," says Ken Baylor, director of market development and strategic alliances for McAfee. In some recent war-driving tests, McAfee found half of home wireless LANs were unprotected and unencrypted, Baylor says. And few enterprises are paying attention to their users' home WLANs.
The safest bet is a secure VPN connection for your users, researchers say. Even a well-secured home WLAN with a WPA/WPA2 encryption and a unique SSID is still not as safe as a secure VPN link. That's because the wireless encryption ends where the wired network begins.
But even with a VPN, a user can contract spyware and suffer from a keylogging attack, Baylor says.
Meanwhile, most home users run WEP encryption or none at all, he says. Only about 10 or 20 percent run WPA. The 128-bit WEP encryption isn't enough: Baylor says his team was able to crack WEP encryption on a wireless router in less than two minutes.
WEP is notoriously weak for encryption, security researchers say. "If anyone is using WEP to keep anyone except their kid sister from reading their mail, they're in trouble," says one researcher who requested anonymity. "Even WPA-PSK with a weak passphrase is way better then WEP."
Even more dangerous than an attacker eavesdropping or piggybacking on your user's home WLAN is what Baylor calls the "evil twin" attack, basically a phishing scheme that sends the machines to corrupted servers posing as a trusted resource. All it takes is hacking into a Linksys wireless router's DHCP setting, for instance.
"So if the user types in 'bankofamerica.com,' he's sent to a phishing site" that looks exactly like the real one, Baylor says, and it's totally transparent to the user.
"These attacks are simple to set up and get running," Baylor says. "They are undetectable, so it's very likely these have been done."
In an evil twin attack, the hacker basically intercepts and redirects the user to the fake site and steals his bank account or other sensitive data, says Corey O'Donnell, vice president of marketing at Authentium. (See Insecure at the Airport?) The hacker simply logs on as the system admin of the wireless router, which is a no-brainer when the user leaves it in the default setting.
"But home users are no less secure than other non-corporate entities," O'Donnell says. "The vulnerabilities are greater when your users are in a public space, and a hacker comes in and poses as a falsified WiFi connection and steals your data."
How can you protect your home users, and ultimately your corporate network?
— Kelly Jackson Higgins, Senior Editor, Dark Reading