Network Threats : Corporate Mobile Devices & Public Wi-Fi
It’s incredible how many people don’t realize that their mobile devices are vulnerable to hackers or electronic eavesdroppers.
Countless individuals employed at corporations only think in terms of computers when considering cybersecurity. They only think of viruses and hackers, worming their way into desktops and laptops. But bizarrely, they are ignoring one of the most vulnerable access points for malicious actors: our corporate mobile devices.
In the 2020 Verizon Mobile Security Index Report, they say, “Twenty percent of organizations that suffered a mobile compromise said that a rogue/insecure Wi-Fi hotspot was involved.”
And it’s estimated that most mobile devices automatically connect to up to three entirely insecure public Wi-Fi hotspots a day. The result of this could be that your employees’ mobile devices are compromising the security of your corporate networks. But what can be done to prevent this?
The Dangers of Public Wi-Fi
Think about this scenario: an employee heads off to lunch, taking their corporate mobile device with them. Once at Starbucks, they connect that device to the free Wi-Fi without thinking about it. After all, they don’t want to use up their data, right? But this could spell disaster.
Public Wi-Fi is notoriously insecure. With countless people logging in regularly, businesses put up few (if any) barriers of entry. You can’t know who else is connected to the same public network you are, meaning that a skilled hacker could gain access to your device without you realizing it. Then, you head back into the office, automatically reconnecting to the Corporate Wi-Fi with a compromised device.
The Verizon reports says that, “Despite the risks, less than half (42%) of organizations said that they prohibit employees from using public Wi-F to perform work-related tasks.” Further, “Fifty-five percent of those who know that public Wi-Fi is prohibited use it anyway.”
From a cybersecurity POV, that’s terrifying.
Why is it So Dangerous?
Being connected to public Wi-Fi can leave you open to what’s known as “Man in the Middle” attacks, or MitMs.
Imagine that someone heads into a Starbucks and wants to connect to the free public Wi-Fi. They’re in a hurry and aren’t paying close attention, so they fail to see that they’ve accidentally connected to a network called “Star bucks Wi-Fi.” Everything appears to be working correctly with the connection, so they don’t think anything of it.
But here is the problem: that wasn’t a legitimate Wi-Fi signal offered by Starbucks. Instead, that person has connected to a hotspot sent out by a malicious actor. That person can now unleash dozens of tools designed to intercept the information being sent out by the mobile phone, including security keys, passwords, credit card info, text messages, or even secure emails.
How Can You Prevent These Network Threats?
That’s easy: You never connect to public Wi-Fi!
Public Wi-Fi made more sense years ago when most cell phone plans had ridiculously low data caps. You didn’t want to use up all of your bandwidth, so you connected to the unlimited public internet offered by cafes. Today, things are different. We have much more bandwidth on our plans and, if you’re using a corporate mobile device, data limits might not even be an issue.
Further, most public Wi-Fi is embarrassingly slow. You can’t do much more than browse the internet on it, if even that. Most 4G connections are much, much faster than public Wi-Fi, and the difference is only going to be starker as 5G technology becomes more mainstream. At that point, the fastest, most secure connection available will by your mobile signal, eliminating the need to connect to public Wi-Fi at all.
That said, it’s essential to educate your employees about the dangers of public Wi-Fi and why using their mobile connection is superior. By doing so, you will be protecting both their personal data and the security of your corporation’s networks.
ComSec LLC’s Experience with Mobile Threats
As we are in the Cyber TSCM business, we get to see many of these threats to mobile security up close and personal. What’s amazing is how simple and effective some of these attack vectors can be.
Countless times when doing an audit of corporate cybersecurity measures, we found rogue Wi-Fi signals with names very similar to those of real corporate access points. These hot spots were set up by malicious actors to trick corporate users to connect to these fake networks rather than the real one. Just like in the Star Bucks Wi-Fi example, if someone isn’t paying attention, they could easily assume that the fake signal is simply a backup of the actual one. After all, what’s the difference between Wi-Fi networks named, “Corporate Wi-Fi” and “Corporate Wi-Fi 2?”
We have also detected mobile devices that are in use in areas designated as IoT-free areas. On these occasions, we locate the unauthorized devices, then tell the client which network it’s connected to so it can be disconnected ASAP.
There can even be potential attack vectors that seem innocuous at first but could provide hackers an opportunity to gain access to your network. We once found a Smart TV in an office waiting room that was not adequately secured. It would be easy for an electronic eavesdropper to use this weak point to access the entire corporate network.
With ComSec LLC’s Corporate TSCM Services, we check for rogue Wi-Fi networks, access points, and devices. Once we detect them and use our equipment to determine their location, and we can disconnect them from your Corporate Wi-Fi network, preventing the possibility of further intrusions. We also offer similar Residential TSCM Services to protect your privacy and data at home.
With our help, countless individuals and corporations have secured their mobile devices and prevented malicious actors from stealing their data, hijacking their network, and disrupting their business. Contact us today, and let’s get you started on the path of a secure mobile future!
About the Author:
J.D. LeaSure, CCISM, is the President / CEO of ComSec LLC, a global provider of world class counterespionage and TSCM / Cyber TSCM™ services. www.ComSecLLc.com