Open Networks as a potential security threat
2. 6. 2017

Killian Keller

Security

We are getting more and more used to being connected to a wireless network all the time, be it in our workplace, at home or in the Starbucks around the corner. Most connections in Switzerland are secured with a rather complex encryption known as WPA2. Wi-Fi Protected Access 2 (WPA2) is based on the Advanced Encryption Standard (AES) and encrypts all wireless communication. The WPA2 standard is considered to be secure for the foreseeable future, as deciphering the communication still takes too much computational time if a strong password is chosen. Some networks, however, are unencrypted or weakly encrypted and pose a subtle but potentially big security risk.

To visualize the key points of wireless network encryption, you can imagine the computers and routers in a network as people yelling at each other. If they speak a universal language (unencrypted communication), e.g. English, every other computer in the room can listen and understand what is being said. If all the computers in the same network and the router agree to talk in a cryptic language (encrypted communication), a nearby computer that does not know this language cannot understand what is being said. This greatly reduces security risks.

Problems with open networks

Open networks, i.e. networks not protected by a passphrase or other authentication methods, have unencrypted communication. This allows persons with malicious intent to drop into the network and exploit the vulnerability of unencrypted communication. They can listen to and even manipulate every piece of content sent over the wireless channel.
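To see which networks in range are open or weakly encrypted before joining one, the sketch below classifies a Wi-Fi scan listing. It is an added example, not part of the original article; it assumes the terse `SSID:SECURITY` form printed by `nmcli -t -f SSID,SECURITY device wifi list`, and the sample listing is constructed.

```python
import re

# Constructed sample scan in the assumed terse "SSID:SECURITY" form.
# A colon inside an SSID is escaped as "\:"; open networks have an empty
# security field (or "--" in the non-terse table view).
SAMPLE_SCAN = r"""
eth:WPA2 802.1X
Cafe\:Guest:
OldPrinter:WEP
HomeNet:WPA1 WPA2
Legacy-AP:WPA1
public-train:--
"""

def parse_scan(text):
    """Yield (ssid, set_of_security_tokens) for each well-formed line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = re.split(r"(?<!\\):", line)  # split on unescaped colons only
        if len(fields) != 2:
            continue  # not in the assumed two-field format
        ssid = fields[0].replace("\\:", ":")
        tokens = set(fields[1].split()) - {"--"}
        yield ssid, tokens

def classify(tokens):
    """Map the advertised security tokens to a verdict."""
    if not tokens:
        return "open"        # no encryption at all
    if tokens & {"WPA2", "WPA3"}:
        return "encrypted"   # AES-based protection is offered
    if tokens <= {"WEP", "WPA1"}:
        return "weak"        # only outdated schemes are offered
    return "unknown"

def risky_networks(text):
    """Return (ssid, verdict) for every open or weakly encrypted network."""
    verdicts = ((ssid, classify(tokens)) for ssid, tokens in parse_scan(text))
    return [(ssid, v) for ssid, v in verdicts if v in ("open", "weak")]

if __name__ == "__main__":
    for ssid, verdict in risky_networks(SAMPLE_SCAN):
        print(f"{verdict:5}  {ssid}")
```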

There are multiple ways in which unencrypted communication can be exploited. One of the most common methods is the Man-in-the-Middle attack. The attacker ensures the target computer unknowingly talks with him rather than with the router. This allows him to change the content of the communication between the router and the target.
Using this technique, the attacker can sniff out unencrypted passwords or change download links of executables. The latter attack is much more problematic than the first one. While the target computer is trying to download one specific executable (e.g. Spotify), the attacker can swap the executable with one of his choice, e.g. a virus or a worm. Not knowing that the executable is not the wanted program, the target will then execute the file, causing an infection of the computer and maybe also of other computers on the network.

Public access to networks without encryption also allows attackers to access network shares that were set up by Windows or Unix users. While network shares can be very useful, they pose an enormous security threat in open networks, as the attackers gain access to the filesystem of the target computer.
Windows users with SMB share points need to be especially cautious: recent discoveries showed multiple vulnerabilities in the SMB protocol, Microsoft’s network sharing protocol. The latest security loophole is the EternalBlue exploit, which led to the WannaCry crisis². The attacker was able to gain unrestricted access to the filesystem, making him an administrator in the Windows Explorer. This allowed remote code execution and made involuntary encryption of personal files possible. The victim had to pay a ransom to decrypt his personal files.

Newer versions of the SMB protocol differentiate between public and home networks: they restrict access when connected to a public network, reducing the security risks.
Users are strongly advised to protect their network shares. Even though SMB has security issues, it still protects your network share (SMBv3 has AES 128 encryption and pre-authentication checks, making it hard to crack). Unencrypted network shares allow for plaintext access to the files hosted. This opens up possibilities to manipulate files.

An open network can cause even more problems. If you catch malware, e.g. from opening a mail with a script attached to it, you may jeopardize your whole network and neighbouring networks. Worms in particular are known to be able to spread from computer to computer in a network, causing extremely fast spread of the malware.
What most people do not know is that a worm can also hop from one access point to another if the networks are open or weakly encrypted. Especially in urban areas, if the access points are not protected by a passphrase, this causes fast spread to hundreds of computers in a very short time.

The aforementioned attack type is currently still being used to compromise systems. The ransomware WannaCry¹ uses worm-like behaviour to spread from one network to another. As the industry and public infrastructure lag behind with upgrades of their operating systems (upgrading all the computers in an industrial setting often costs several millions of CHF), many institutions still use Windows XP or even older operating systems which still had the security flaw that WannaCry exploits (newer versions of Windows did not have the security flaw, as they do not use the same SMB protocol). Microsoft quickly rushed a patch to cover the security flaw.
These unpatched systems allowed the malware to quickly spread in the public infrastructure, rendering hospitals and train stations unable to perform simple computational tasks. This is the fault of open networks and persons uneducated about security risks, which enabled the worm to have such far-reaching consequences.

Solutions to protect yourself

Fortunately, there are solutions to protect yourself. While at home, if your own network is unsecured, there are simple steps to protect yourself and others. As a network administrator, i.e. owner of your router, you can easily change the encryption and security of your network by accessing the router settings³. The router settings can usually be accessed via 192.168.1.1 or 192.168.0.1 (the gateway of your network, addresses may vary). If you have not already changed the administrator password of your router, you should do it now, as the standard passwords can easily be found by persons with malicious intent. Change the security to WPA2 and choose a strong passphrase; this will encrypt all wireless communication on your network. This will stop worms and other malware from spreading to your network if the attacker has no access to the password. Furthermore, attackers will have more difficulty performing Man-in-the-Middle attacks.
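Why the passphrase matters, as an added example that is not part of the original article: WPA2-Personal derives the network key from the passphrase and the SSID with PBKDF2-HMAC-SHA1 (4096 iterations), so the passphrase is the only secret protecting the network. The guessing rate and the character-class estimate below are assumptions chosen for illustration.

```python
import hashlib
import math
import string

ASSUMED_GUESSES_PER_SECOND = 1e6  # assumption; real hardware varies widely

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA2-Personal master key (SSID acts as the salt)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA2 passphrases use printable ASCII only")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )

def search_space_bits(passphrase: str) -> float:
    """Upper bound on guessing effort: length * log2(alphabet size).

    Counts only the character classes used; dictionary words and common
    patterns are far weaker than this bound suggests.
    """
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits)
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in passphrase))
    if any(ch not in string.ascii_letters + string.digits for ch in passphrase):
        alphabet += 33  # remaining printable ASCII symbols, including space
    return len(passphrase) * math.log2(alphabet)

def years_to_exhaust(bits: float, rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Average time to find the passphrase: half the search space at `rate`."""
    return (2 ** bits / 2) / rate / (365 * 24 * 3600)

if __name__ == "__main__":
    # Constructed passphrases for comparison.
    for phrase in ("password", "Tr4m-to-Zurich-HB-at-07:12"):
        bits = search_space_bits(phrase)
        print(f"{phrase!r}: at most {bits:.0f} bits, "
              f"about {years_to_exhaust(bits):.3g} years at the assumed rate")
```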

If you are in a public network, e.g. in a train-station, you should try to encrypt your data sent to the access point, by either using HTTPS protocols or a VPN. This way, your entire communication with the rest of the internet will be encrypted.
Students from ETH can use the ETH’s VPN to protect their communication from Man-in-the-Middle attacks. Note that using a VPN or the HTTPS protocol does not protect you from malware spreading to your computer from the rest of the network, it only protects you from Man-in-the-Middle attacks.

Furthermore, while in public networks, all background tasks should communicate over encrypted channels. Mail communication, for example, may be unencrypted, so try to use mail servers which support encryption (e.g. ethz-mail, GMail; with TLS or SSL). This should protect the contents of your mails from manipulation.

And something that always helps: Keep your operating system and applications up-to-date. This prevents most exploits from affecting your system. Security engineers try their best to find vulnerabilities and try to patch them as fast as possible in updates.

(1) Information about the working principle of the WannaCry ransomware:
- http://blog.talosintelligence.com/2017/05/wannacry.html
(2) Information about the spread of WannaCry from Symantec:
- https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/wannacry-ransomware-attack
(3) How to change your router password:
- https://www.lifewire.com/how-to-change-your-wireless-routers-admin-password-2487652
