How Using Open Wi-Fi Could Get Safer

For a long time, there have only been two main types of wireless networks: those that are open and those that are closed, secured and encrypted. While almost every government agency that uses wireless internally has opted for the latter, that doesn’t protect its employees, or anyone else for that matter, when they are out and about.

I would guess that almost all of us have used our phones to log in to open Wi-Fi networks, whether sitting in a restaurant or coffee shop, waiting to see a doctor or just while out shopping. Almost every business and organization provides Wi-Fi these days. And if you agree to use the Wi-Fi at a chain type establishment like McDonald's, then your phone might automatically log in every time you visit or even drive past any of the thousands of other golden-arched establishments across the country.

For the most part, using local wireless ensures a quicker connection compared to what is likely an overburdened cellular network. And the vast majority of those interactions between a mobile device and a local access point are fine. But the open nature of that connection does provide an opening for enterprising attackers.

A few years ago, I took a hacking class as part of a feature project I was writing. During my nefarious schooling, I was taught how to set up and maintain a so-called man-in-the-middle attack, which was just getting popular at the time. In a basic man-in-the-middle attack, an attacker goes to a public place like a coffee shop or an airport. They find what “official” wireless networks are operating in the area and then spoof an access point that mirrors the real thing. The crime used to be simply collecting credit card info from unsuspecting users and then passing them through to the real access point so they didn’t realize anything was wrong. But now that almost all open wireless networks are free, that has fallen out of favor.

Today, man-in-the-middle attacks are more insidious by nature and take a bit more work. Attackers can still spoof an open network and pass captured credentials on, but nobody is going to fall for providing credit card info to use free Wi-Fi. Instead, the attacker truly becomes a man in the middle, capturing all traffic on the open channels and routing it through their laptop (it might be a bit much for a smartphone to handle) while recording everything. They might still capture credit card information, but only if the targeted users are buying something from, say Amazon, using the open connection.

But imagine if an attacker found a local hotspot frequented by federal users and set up shop during lunch, intercepting their communications on the establishment’s open network and recording everything. Perhaps they could discover the credentials for the agency’s secure network, enough personal information to set up a phishing campaign, or even government secrets. Given enough time, and a large enough user base, a lot of sensitive information could probably be captured.

So it was interesting to learn that efforts are underway to secure open Wi-Fi, or at least to try and make it more secure than it is now. The new standard, announced last week by the Wi-Fi Alliance, is called Enhanced Open. And while it’s not nearly as good as a fully encrypted wireless network, it goes beyond the all-or-nothing approach the technology relies on today.

Aruba Networks technologist Dan Harkins, who helped to write the new Enhanced Open security standard, explained that the flaws of open wireless exist today because nobody envisioned how popular and ubiquitous the technology would become. “We did that based on how we thought Wi-Fi would be used,” he said. “It turns out that people are using it in ways we didn’t expect.”

Enhanced Open is based on the Opportunistic Wireless Encryption (OWE) standard, which is an extension of the Institute of Electrical and Electronics Engineers’ (IEEE) 802.11 Wi-Fi standard. OWE overlays a Diffie-Hellman “handshake” exchange when the initial connection between a device and access point for an open network is created. Thereafter, all communications between the client and the access point are encrypted.

OWE is designed to be seamless to users. They simply click to join a network and everything happens automatically, just like with any other open network. However, there are a couple of drawbacks. First, both the client device and the access point need to have the OWE standard in place, which generally means both need to be new devices or those that have been retrofitted to support Enhanced Open.

Perhaps a bigger problem is that users won’t actually be able to tell if they are using Enhanced Open or not. No lock icon will appear in their system tray when selecting a wireless network, because it was thought that using the symbol would confuse users into thinking that the network was unavailable and closed. But Enhanced Open designers should probably think of something to show in its place, perhaps a yellow E or something.

As it stands, people using open networks won’t know if they are benefitting from a secure, encrypted connection over an open network the next time they sip their coffee at the back of a shop. But they might be more protected than they were before, and at least that’s a step in the right direction.