I will start off this week’s discussion regarding wireless with an article that describes how a Las Vegas casino was hacked because of a fish tank that was connected to the Internet, and also a hack in which “smart pads” connected to insecure Wifi were used as the entry point.
https://money.cnn.com/2017/07/19/technology/fish-tank-hack-darktrace/index.html
Can you find other example(s) that demonstrate how wireless networks were the entry point in a successful breach / attack.
Dhaval Patel says
From a residential perspective, a women’s Furbo camera was hacked which is connected to her network. Many of our smart devices are connected back to our networks which can easily be breached.
https://www.kmov.com/news/hey-beautiful-stranger-hacks-st-charles-womans-furbo-camera/article_81a1a09c-48c8-11ec-86fd-0f091750c587.html
Antonio Cozza says
Hi Dhaval,
I think this is an especially interesting topic regarding smart device connectivity to the rest of the network devices; so many people are buying smart device / IOT electronics that are notoriously vulnerable it is somewhat painful to observe. Many of the early models were developed with components made by the same manufacturer(s), which all included critical vulnerabilities. These systems are also notoriously unpatched, the manufacturer simply releases a new model for purchase, which then follows suit with another vulnerability being found and the device not being patched.
Antonio Cozza says
The link below describes a couple different wireless attacks, breaches, and wireless attack vectors. One of the most common wi-fi attacks, the evil-twin attack, is mentioned in the article. This attack is quite common due to the vast majority of public hotspots and wi-fi networks are extremely insecure, especially those in settings like your local coffee shop or mall, as the article explains. Attackers can pose as a student or someone simply working on something on their laptop at a coffee shop, while they have a wi-fi pineapple in their bag nearby, hosting the evil twin, or a very similar SSID to the coffee shop’s network, to which customers may connect and send unencrypted information through. The attacker acts as an MITM, and forwards the traffic to the wi-fi, while recording the intercepted data.
For a more specific example, the article mentions a tech journalist who was working on the story regarding the FBI trying to force Apple to unlock an iPhone, which they refused. During the flight, an attacker aware of the situation compromised the journalist’s machine, and after the flight – warned him that his personal information would be revealed if he published the article favoring the FBI and the article aided in pushing Apple to submit to unlocking the phone.
https://www.titanhq.com/biggest-wi-fi-hacks-of-2016-lessons-learnt/
Dhaval Patel says
Hi Antonio,
The locked iPhone is a great example. It shows that attacks can occur to anyone anywhere and we should be more careful of the networks we connect to.
Patrick Jurgelewicz says
With so many home appliances now labeled as “Smart” Appliances with internet access, I chose to go with this story where 2 Finnish apartment complexes were left without heat as hackers pulled off a successful DDoS attack on the buildings’ central heating systems. Although having smart home systems makes it easier for homeowners to control things on-the-go, they also pose as idle internet endpoints that can be subject to hacks/attacks from across the globe.
https://www.forbes.com/sites/leemathews/2016/11/07/ddos-attack-leaves-finnish-apartments-without-heat/?sh=3dba896f1a09
Andrew Nguyen says
https://www.forbes.com/sites/gordonkelly/2021/07/17/apple-iphone-12-pro-max-warning-wifi-hack-zero-click-exploit-new-iphone-ios-upgrade/?sh=be643952a91d
This article details that a wifi-hack was able to escalate into both local privilege execution (LPE) and remote code execution (RCE) attacks.
I found this really interesting as I would love to learn more about specifically wifi hacking, and the other possibilities that exist apart from the ones described in this article.
Krish Damany says
https://www.retailtechnologyreview.com/articles/2019/09/17/72-of-business-data-breaches-came-via-unsecured-wireless-devices/
While not a specific breach, a study was done that found 72% of UK business suffered a breach due to an unsecured wireless device. This included printers, scanners, phones, and laptops connected to the business’s Wi-Fi network. 43% of businesses had an attack in the last 12 months and 52% of those had open Wi-Fi networks and devices. As many users transitioned to remote work due to the pandemic, this number could be much higher as more and more work devices are being used on home networks, hotel networks, or even coffee shops. If possible, using a VPN can help along with having a strong password Wi-Fi network, or use a personal hotspot from a mobile phone to be isolated.