Otago Polytechnic

Wireless networks are commonly used to access the Internet but security is an issue.

Wireless technology is used all over the world for communication, Internet-based business management, money transactions etc. But most users are not properly aware about security of information while using WiFi networks. Public WiFi is especially vulnerable to cyberattacks. For example in an Evil-Twin attack, the attacker sets up a rogue Access Point (AP) which mimics a legitimate AP. A deauthentication signal forces users to disconnect from the legitimate AP. When trying to reconnect, users often end up connected to the rogue AP which can then harvest users' confidential data. 

Information Technology Faisal Hasan and his research student collaborators investigated security awareness amongst WiFi users at the University of Dhaka. First they designed and built a unique pen-testing device which would securely monitor user responses to mock Evil-Twin attacks. More than a quarter of the people studied connected to the fake AP. However when a pop-up page asked for a password, users became more aware of security. Interestingly, users in a science faculty area were less likely to provide passwords when prompted by the popup then users in a business faculty area. And public area WiFi users were most likely to provide a password when prompted by the popup.

The study identified steps that system administrators should take to minimise risk to WiFi users. Individuals can also help protect their own security:

  • Use Virtual Private Network (VPN) when using public WiFi
  • Use https protected sites rather than http
  • Check Access Points are legitimate before using free WiFi
  • Update software and protocols regularly
  • Use strong passwords
  • Ensure website certificate authentication
  • Remove access points which are less frequently used from autoconnecting when near

 

TECHNOLOGY & DESIGN

June 2020