The ability for our devices to seamlessly autoconnect to WiFi networks we’ve chosen to connect to in the past is a wonderful convenience. Newer OS, including Android, Windows, and iOS store information about access points we’ve connected to in the past and synchronize this information across devices. For example, this is why, when I visit my mates place with a new laptop, it’s already configured to access his Wifi even though I’ve never connected with that specific computer before.
If you’ve been dealing with security for any length of time, you’ll have heard the expression that increased security leads to increased inconvenience. The more convenient something is, the more likely it is to be less secure.
This is much the same with remembered WiFi networks. Something that’s convenient is also a security risk.
It turns out that when your computer has WiFi enabled, but isn’t connected to a familiar network, it sends out probes for networks that it has connected to in the past. I hadn’t thought about this myself until Security MVP Troy Hunt did a presentation using Karma on a WiFi Pineapple at a recent conference I attended. The WiFi Pineapple is a device running a custom distribution of Linux named Pineapple. It includes a collection of security tools that you can use to perform a wireless security audit. Troy used the device to show us our devices merrily chatting away, looking for access points we’d connected to in the past.
Big deal right? You can perform a capture to view a list of all access points that you’ve connected to in the past that the device remembers.
The interesting thing is that Karma figures out which of these access points require authentication and which don’t. Chances are that some of your devices have connected to access points that don’t require authentication, such as those at the Coffee Shop, Airport, Fast Food place, University, Conference and so on. What the WiFi Pineapple does when running Karma is to mimic those access point names.
Most devices will silently connect to access points that they remember. Here is your device spewing out the names of all the access points it has connected to in the past, including those that don’t require authentication. Karma running on the Pineapple simply provides an access point with that name and as quick as you can say “Pwned” your computer has connected to the rogue access point.
The Pineapple can be configured to provide pass-through internet – routing traffic from the rogue access point through to a legitimate one that the person managing the device has configured a connection to.
From your perspective, your device now has internet connectivity. If it’s a phone, it’s probably switched to using that rather than your data connection. Except all your traffic passing through the Pineapple can be intercepted as you’re now the subject of a “man in the middle” attack.
Getting rid of networks that you’ve previously connected to is a bit of a bugger. With some operating systems, you’ve got to actually be in range of the network to configure the computer to forget it. In Windows 7 it was fairly easy to remove remembered Wifi networks even if you weren’t in range. I’m not sure that there is an easy way to do this with Windows 8.1, but you can do it from the command line.
For example, on my brand new Lenovo Yoga Pro 2 I ran the command
Netsh wlan show profiles
That generated a list of all the profiles associated with my Microsoft Account login. Of the 21 listed, I’d only connected to 2 using that machine (the rest had synced down from the Microsoft cloud).
It’s then possible to use the command
Netsh wlan delete profile name=”profilename”
To delete individual profiles. I went through and deleted most of the 21.
Again it is possible, when making that initial connection, to tell the computer not to remember the network. What would perhaps increase security is to have a setting somewhere where you could configure your computers to automatically remove any WiFi networks that do not require authentication after a certain period of time has elapsed.
If you want to learn more about the Pineapple device, watch the video linked off Troy’s website linked above.