Risky Wi-Fi Hotspots
Threat Description and actions taken by Wandera
Threat Description
A Man-in-the-Middle attack is a sophisticated network-based exploit that is specifically designed to intercept and/or manipulate otherwise encrypted data without the end user’s knowledge. It may be carried out on WiFi or Cellular networks.
Wandera offers patent-pending MitM detection technology that reliably detects if SSL/TLS network connections are being compromised while using any WiFi or Cellular network. Such compromises are evidence of a MitM attack, which may or may not be of malicious intent.
MitM attacks are typically carried out in the following ways:
- Creating an open WiFi hotspot promising free Internet access. The attacker natively routes traffic through the MitM service and may or may not actually provide Internet access.
- Impersonating common open SSIDs, namely those found at airports, hotels, and coffee shops. This tricks the user into joining the malicious network, enabling the MitM access to all network traffic.
- Socially engineering the user to install a malicious profile that proxies network data to a MitM on the connected network.
- Compromising wired or wireless network infrastructure to route traffic through a MitM service without the users knowledge.
- Nation states or ISPs that intercept data to enforce censorship or otherwise monitor digital communications.
It is important to note that there are some cases in which a MitM will be detected but is not representative of malicious intent. However, even in these cases, the SSL/TLS connection chain-of-trust is still being broken, enabling encrypted data with the expectation of secrecy to be potentially accessed by an unauthorized 3rd party.Specific examples of this situation include:
- Public WiFi hotspots with captive portals, like those commonly found at airports, hotels, and other public locations. Many hotspots will spoof SSL certificates such that requests to HTTPS sites may be re-directed to a pay-wall for Internet access. In the process of doing so, the user may inadvertently grant the gateway access to other SSL/TLS traffic, such as Exchange ActiveSync. Though usually not exploited, this allows a network operator to potentially access encrypted communications, including credentials.
- Corporate network traffic inspection. Some organizations use proxy servers or other network equipment designed to operate as a “controlled” MitM to assist with data loss protection, web content filtering, or other acceptable usage policy enforcement. Usually corporate devices that are authorized to use these networks are loaded with a 3rd Party Trusted Root Certificate Authority such that the device automatically trusts connections to that network, even though the certificate isn’t genuine from the requested endpoint.
Wandera flags MitM threats based upon whether or not the device inherently trusts the invalid SSL connection. Specifically, if the device trusts a certificate that is known to be forged, Wandera raises a maximum security event as this is indicative of a significant device compromise. However, if the device doesn’t automatically trust a forged certificate, a lower-rated threat is raised since acceptance of the connection generally requires manual user approval to proceed.
How to handle the threat
- Contact the device owner and ask them to disconnect from the malicious WiFi hotspot by “forgetting” the SSID to prevent the device from automatically reconnecting. Alternatively, instruct them to disable WiFi completely and to not use the identified network any longer.
- In the event that the user’s network credentials were compromised, we recommend forcing a reset of the user’s password for all IT-managed services immediately.
- Notify the user that they should reset passwords for all personal and business accounts used on the device.
- Consider quarantining or wiping the device based upon your organization’s security policies.
- If possible, perform an audit of this device’s access to corporate data resources to ensure a data breach did not occur.
Wandera keeps your devices secure from
Ransomeware
BAD CERTIFICATES
MALICIOUS APPS
MALICIOUS WEB SITES
ABUSE OF CREDIT CARDS
POORLY IMPLEMENTED SECURITY
HOW IT WORKS
Wandera Secure was designed for mobile and works seamlessly on iPhone, Android and Windows phones.
After installing the solution the app will protect and inform you directly if there are severe threats on your mobile device.
Additionally, you will receive an e-mail at the end of each month, with an overview of detected and remediated security threats during the month.
Wandera Secure gives you peace of mind!
REAL-TIME MACHINE LEARNING ANALYSIS
Billions of daily mobile data inputs are collected through the multi-level architecture and analyzed in real time by a mobile intelligence engine powered by Wandera.
Beyond inspecting the content, it studies the apps making each request, and maintains a reputation for each app.
When you analyze more data, you intelligently prevent more threats.
21,687,777
Unique Domains Visited
481,386
Requests handled
1,175,105,406
High severity threats detected
58,226
Data seen (in GB)
201,023,768,321
Daily inputs from mobile devices
MANAGED FOR YOUR CONVENIENCE
It’s in your (colleague’s) best interest to be able to use the smartphone / tablet to do business without worrying about anything else.
Flexinets now offers an Enterprise Mobile security solution for small and medium businesses as a managed service to make sure that you at least don’t have to worry about the security of your mobile devices.
Wandera Secure handles a variety of mobile threats
DEVICE THREATS
Jailbreaks, Semi Jailbreaks, Outdated OS, Malicious Profiles, Vulnerabilities.
APP THREATS
Personally Identifiable Information (PII) leaks from approved apps, Ad servers & APIs, Sideloading, Permissions.
WEB THREATS
Malicious sites & apps, Browser exploits, Phishing & Spam.
INFRASTRUCTURE THREATS
Man in the Middle Attacks, Rogue hotspots, Certificate spoof, WiFi phishing, Public cloud apps.
TRUSTED BY OVER 750 GLOBAL ENTERPRISES
Managed for your convenience
RANSOMWARE
How some exploits/malicious apps can block your phone?
When e.g. an email is sent to your account with a link to an invoice. As soon as you open the link, you will be sent to a website that can infect your smartphone with software e.g. “ransomware”. This software will lock your screen from further usage. The only way to access your phone again is paying the requested ransom to obtain the necessary code to unlock it (or restore your latest phone backup).
How we protect you against exploits/malicious apps?
Our Mobile Security Solution protects you against exploits/malicious apps. As soon as you click the link, the access to this site is blocked so ransomware can not be downloaded on your phone. This happens because the link is analysed by our malware detector (which analyses 2 billion web request every day) which then defines the website behind the link as insecure and access is denied.
MAN IN THE MIDDLE ATTACK
How can encrypted email be hacked?
Even if your email is encrypted, hackers can still compromise your privacy if you connect to a rogue hotspot (a hotspot masked as a free wifi hotspot for example at your local coffee shop.) that a hacker has set up. You think you are securely connected to your local café. In reality, it can be a mobile hotspot set up by hackers to exploit weaknesses in apps and possibly gain access to secure communication to read all your unencrypted communications as soon as you’re logged in. The hacker can with this information pretend he is you. And for example send an email in your name to your colleague eg. with a message that you for example need to transfer money or have to pay an attached invoice. The more information a hacker gets about you, the easier they can impersonate you and take advantage of the situation.
How we protect you against this?
Our Mobile Security Solution can help identifying potentially malicious hotspots and protect you from situations like this. The service seamlessly scans and determine if a wifi hotspot is not secure and can block or warn about it to prevent your email from being misused.
UNSECURE APPS
How your credit card information can be used by hackers?
We are buying more and more products and services online via our smartphones / tablets. When you do this, your credit card information is sent over the internet and in some cases this is done unencrypted (last year, this happened when flights were booked through the Easyjet app and a number of other airline apps). If this happens, the credit card information can be read and can be misused by hackers.
How we protect you against unsafe apps?
Our Mobile Security Solution protects you against these insecure apps through a combination of app reputation and scanning for unencrypted personal data like credit card numbers, passwords etc. If personal data is sent unencrypted or there are other security issues, you will be notified immediately via an in-app notification. You can then delete the app to be sure that your personal data is not misused.
Flexinets Sweden
Flexible Networks Nordic AB
Visiting Address:
Mäster Samuelsgatan 60, SE-111 21 Stockholm,
Sweden
Postal Address:
P.O. Box 3029, SE-720 03 Västerås, Sweden
info@flexinets.se
support@flexinets.se
Flexinets Finland
Flexible Networks Nordic OY
Visiting Address:
Tekniikantie 14, 02150 Espoo,
(Helsinki) Finland
Flexinets Denmark
Visiting Address:
Savsvinget 7, 2970 Hørsholm
Copenhagen
Denmark