Mobile Workspace Security

[Exclusive] WiFi for Mobile: The Security Issues

Public and insecure WiFi hotspots are an unavoidable part of the modern employee’s day-to-day life. With the mobile nature of the workforce today, as well as the low-cost option of WiFi vs. mobile data, WiFi mobile security deserves a second look.

To fully assess the risk, get your hands on an advance copy of Wandera’s WiFi Mobile Security Report now.

WiFi for Mobile

This WiFi mobile security blog was contributed by Michelle Base-Bursey, product and partner marketing manager at Wandera.

People tend to favor WiFi over cellular connections for obvious reasons: They’re usually faster, don’t tax your data plan and are widely available.

Proving this theory is the fact that WiFi traffic has now exceeded cellular traffic overall, and this disparity isn’t expected to change anytime soon.

Cisco predicts by 2021, 63% of total mobile data will be on WiFi, compared to 60% in 2016. Furthermore, according to Wandera’s data, the ratio of WiFi to cellular data usage for the average employee is 3:1.

Total_Mobile_Traffic_Wi-Fi

What About Security?

At first, one might not worry about these statistics, due to the fact that most organizations have heavily regulated and secure networks in place for their offices. While this may be true, it’s important to remember that employees no longer only do business within the four walls of the office.

Mobile devices are now used for business purposes outside of “work” on a regular basis. In fact, according to data pulled from Wandera’s global network of enterprise mobile devices, the average number of WiFi connections the typical corporate device makes per day is 12.

As an attack vector, WiFi hotspots are the perfect vehicle to intercept a user’s traffic. Using relatively cheap and readily available tools, minimally skilled hackers can easily eavesdrop and monitor online traffic to capture valuable information, such as login credentials and credit card details.

The Risks

Attacks_on_the_Device_Trust_Model_Wandera

There are a number of inherent risks in allowing your corporate mobile devices to connect to WiFi networks. WiFi attacks happen much more often than you might expect.

The WiFi security report from Wandera does a deep dive into each WiFi threat type, including the following:

  • Digital exhaust: When an attacker picks up the cookie crumbs your mobile device leaves as it connects to different hotspots
  • WiFi snooping: When an attacker eavesdrops on your online activity while you’re both connected to the same network
  • Physical/network layer attacks: When an attacker has physically compromised a wireless infrastructure or has the ability to tamper with signaling on the local network
  • Higher-layer protocol attacks: When an attacker tampers with the connection that is established between a client application and the internet
  • Attacks on the device trust model: When the attacker tampers with a user’s device configuration, forcing it to implicitly trust the attacker and his malicious services

Key Insights

The WiFi mobile security report delves even deeper into the mobile WiFi threat landscape, providing key insights into where and how often WiFi attacks are taking place.

Wandera’s research shows that 4% of corporate mobile devices have come into contact with a man-in-the-middle attack in the past month. These range from surface level data leaks to motivated attacks that compromise the device trust model.

It might be tempting to think these WiFi attacks are only happening in notoriously dangerous places like China or Ukraine. The data from the report, however, tells a very different story. It shows that privacy and security-conscious countries, such as those in Western Europe and North America, are vulnerable to WiFi attacks.

man-in-the-middle_attacks_corporate_devices_Wandera

As is the case with many other kinds of threats, attackers are targeting the places they believe they can get the biggest gains—and that means aiming at U.S. and European businesses. These insights prove that WiFi mobile security threats are a global issue that must be taken seriously.

What Can Be Done?

New WiFi technologies and attacks will continue to emerge. Security admins need to be aware of new threats, assess their security posture and take appropriate action to protect their networks and corporate devices.

For more information on WiFi security risks, download our pre-release version of the WiFi report from Wandera.