technology

wifi security today and attack vectors

because of current occasion …

… inside a wifi you could find your ip in android 8 settings > about > status, use unsecured services like sonos, scan for other clients, check open ports, bruteforce backend services (router, firewall)

open wifi – in 2018 none should access untrusted unsecured wireless networks anymore

wpa encryption – works with “handshake” to ensure trust between devices – wpa2 added advanced encryption standart (aes) – wpa2 is vulnerable: key reinstallation attacks – wi-fi alliance announced wpa3 with additional security features

public wifi – when accessing a wifi while shopping, your devices are redirected to a captive portal to accept policies and establish a secure connection

vpn – apps like nordvpn esablish secure connection to add another layer of security, browse incognito through the internet

business – could use radius protocol to check validity of authentification – further enroll client certificate via mdm to authenticate via 802.1x – aruba clearpass can check devices status in mdm to ensure security and trust at the entire cycle

rouge access – attacker can fake access points to start a man in the middle (mitm) attack, intercept your private data, for example this pineapple nano

ssl srip – a method to redirect traffic from https to http to force unencrypted transport – every passcode is unprotected, even it is shown as secure

secure-info.jpg

mobile devices management – is a way to protect company devices, e.g. disallow profile installation – but in a byod or mam-only scenario you can’t disable all features

mobile thread defense – mtd is for private and business devices, check behaviour and use ai to protect – like lookout as cloud service and additionally on device like zimperium, partners with mobileiron

general, technology

got leaked?

are you really sure that your account is/was not compromised – hasso plattner institute analysed over 5 billion leaked user accounts – your able to check if it’s listed in at least one stolen or unlawful published identity leak

they further analyse password qualityastonishing how easy password are still in 2018

password quality

need an extra layer of security ? use multi factory authentication, two factor authentication, 2fa, two step verification or fta – additionally to username and password are further method is requested to successfully authenticate like

  • software token
  • hardware token
  • sms token
  • google authenticatorandroid | ios
  • microsoft authenticatorandroid | ios

a lot of services currently offer this security, you just need to enable it

gotleaked3e.g. fedex exposed thousands customer records on a password-less server, companys should care about your data as well, especially for european citizen because of gdpr