WPA2 Secured Hotspots: Feasible with New WiFi Alliance Hotspot Certification


Public WiFi hotspots have shown tremendous growth in recent years. Much of this can be attributed to the growing number of people who carry smart mobile devices (such as smartphones and tablets) and frequently use bandwidth-consuming internet applications (such as gaming, social networking sites and audio/video streaming).

As most of the smart mobile devices manufactured today include WiFi capability by default, a public WiFi hotspot can reliably serve (with faster speeds) the data-hungry applications running on the mobile devices connected to it. Along similar lines, mobile carriers such as AT&T have already started establishing their public WiFi hotspot base, spread across various geographical regions. The initiative helps a carrier bring down the ever-growing load on its limited-capacity cellular infrastructure while increasing customer convenience and satisfaction. With the continuous growth in the user base and the growing bandwidth demands of mobile users, more and more carriers across the world are now pursuing this initiative aggressively.

However, most public WiFi hotspots are open: they are configured with no security in order to simplify the connection mechanism and eliminate the hassle of distributing a security key. Also, fixed key-based security mechanisms such as WEP and WPA-PSK do not work for public WiFi hotspots because a hotspot's user base is highly dynamic and not a trusted one. A user with malicious intent can easily use the fixed security key to exploit another user connected to the same hotspot. Moreover, WEP can be easily cracked, while WPA-PSK can potentially be subjected to a brute force dictionary attack with the use of cloud-assisted computing power.
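The following added example (not part of the original article) illustrates why a fixed WPA-PSK key gives hotspot users no isolation from each other: the pairwise key is derived from the shared passphrase plus handshake values that travel in the clear, so every holder of the passphrase computes the same key. The SSID, passphrase and MAC addresses are constructed sample values, and the per-user case models the unique per-session master key of 802.1X/EAP authentication as random bytes, which is an assumption made for illustration.

```python
import hashlib
import hmac
import os

def psk_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
        anonce: bytes, snonce: bytes, length: int = 48) -> bytes:
    """802.11i PRF: pairwise key from the master key and cleartext handshake values."""
    label = b"Pairwise key expansion"
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac) +
            min(anonce, snonce) + max(anonce, snonce))
    out, counter = b"", 0
    while len(out) < length:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(pmk, block, hashlib.sha1).digest()
        counter += 1
    return out[:length]

# Constructed sample values, not taken from any real network.
SSID = "ExampleHotspot"
PASSPHRASE = "posted-on-the-wall"
AP_MAC = bytes.fromhex("020000000001")
STA_MAC = bytes.fromhex("020000000002")

def same_pairwise_key(user_pmk: bytes, other_pmk: bytes) -> bool:
    """Does a second user's master key yield the first user's pairwise key?"""
    anonce, snonce = os.urandom(32), os.urandom(32)  # sent unencrypted in the handshake
    return (ptk(user_pmk, AP_MAC, STA_MAC, anonce, snonce) ==
            ptk(other_pmk, AP_MAC, STA_MAC, anonce, snonce))

def shared_passphrase_case() -> bool:
    # Both users derive their master key from the same passphrase and SSID.
    return same_pairwise_key(psk_pmk(PASSPHRASE, SSID), psk_pmk(PASSPHRASE, SSID))

def per_user_case() -> bool:
    # Assumption: each authenticated session receives its own random master key.
    return same_pairwise_key(os.urandom(32), os.urandom(32))

if __name__ == "__main__":
    print("shared passphrase, same pairwise key:", shared_passphrase_case())
    print("per-user master key, same pairwise key:", per_user_case())
```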

Because the connection itself is open, internet access through a public WiFi hotspot is generally restricted by a web portal or by specialized software installed on the connected device. Carriers have developed software, installed on the devices they provide, that helps users automatically connect to a carrier WiFi hotspot and then securely log in to the carrier WiFi network for internet access.

But the underlying open WiFi connection with a hotspot poses significant threats to the connected user. While using an open WiFi connection, the user can very easily be subjected to eavesdropping or Man-In-The-Middle attacks, potentially resulting in identity theft, data theft or malware/virus installation. Therefore, a user needs to be careful while connecting to an open WiFi hotspot and take special measures, such as using VPN services, surfing only secure (HTTPS) websites, and not approving fake website certificates. Apart from the restrictions and inconveniences posed by such measures, most users remain careless or uneducated on these aspects and end up becoming potential targets of WiFi hackers.

However, with the WiFi Alliance recently announcing the new Hotspot certification program, the use of public WiFi hotspots (set up by various carriers) will become more convenient, flexible, reliable, secure and easy. This will help carriers seamlessly offload data services to a WiFi hotspot (when available), reducing the load on the existing 3G/4G cellular networks. Customers will also have better mobile experiences.

The new certification program aims at creating a simpler and more standardized way to discover, subscribe to and securely connect to hotspots around the world. This includes automatic discovery of hotspots based on user preferences, operator policies and network optimization; automatic network authentication based on existing mechanisms for cellular networks, such as SIM cards; account provisioning at the point of access without user intervention; and the WPA2 encryption mechanism for the underlying WiFi connection.

The use of cellular-based authentication mechanisms via SIM cards in the new program, along with WPA2 encryption, will provide the strong and transparent WiFi security that hotspot users have long awaited. However, in light of such upcoming WPA2-secured WiFi hotspots, the recently reported WiFi vulnerability Hole196, where the attacker can launch a Man-In-The-Middle attack even on the most secure WPA2-based WiFi network, becomes important. Earlier, an attack exploiting Hole196 was considered an insider attack, as it requires the attacker to be authenticated and connected to the same WiFi network. On a secured WiFi hotspot, however, there is no such thing as an insider, and a malicious hotspot user can launch an attack on another user of the same hotspot by exploiting the Hole196 vulnerability of WPA2 networks, unless it is appropriately addressed.

Although the upcoming WPA2-secured hotspots certified by the WiFi Alliance will certainly be a boon to both carriers and mobile hotspot users, addressing the Hole196 vulnerability via a security scanning function or fixes in the Access Point function will make the security of such hotspots even more robust. The new certification program is planned to be launched in the first half of 2012; until then, let's wait and watch for more elaborate details on the plan.
