Unpacking Wi-Fi Authentication & the Many Instances in Which Companies Got Caught Slipping

Wi-Fi authentication is the process of verifying the identity of a user or device that wants to connect to a wireless network. Corporate networks, especially those in manufacturing companies, retailers, and healthcare organizations, often require strong authentication mechanisms to ensure the security of their data and systems.

There are several methods of Wi-Fi authentication, including:

• Pre-Shared Key (PSK) authentication: This method involves the use of a shared password that is distributed to all users who are authorized to connect to the network. This is a simple and easy-to-implement method, but it can be less secure than other methods because the password can be easily shared or intercepted. (NOTE: At Portnox, we strongly urge organizations NOT to use PSKs for network authentication and access due to its inherent vulnerability.)
• 1X authentication: This method involves the use of a RADIUS (Remote Authentication Dial-In User Service) server that verifies the identity of users or devices attempting to connect to the network. The server uses a certificate-based authentication process, which is much more secure than PSK authentication.

Wi-Fi Authentication Woes Experienced by Manufacturers

For many manufacturers, Wi-Fi authentication is critical for ensuring the security of the network and the sensitive data that is transmitted over it. The authentication process must be fast and seamless to avoid disrupting production processes. The use of 802.1X authentication is common in manufacturing companies, as it provides strong security and can easily integrate with existing user management systems.

Manufacturing companies are also vulnerable to cyber-attacks that target their Wi-Fi networks. Here are some examples of notable cyber-attacks against manufacturers that targeted Wi-Fi networks:

• NotPetya ransomware attack: In June 2017, the NotPetya ransomware attack affected several global manufacturers, including Merck, FedEx, and Maersk. The attack exploited a vulnerability in Ukrainian accounting software and spread rapidly, encrypting data on infected machines, and demanding a ransom in exchange for the decryption key.
• Dragonfly 2.0 attacks: Between 2015 and 2018, a group of hackers known as Dragonfly 2.0 targeted energy and manufacturing companies in the US, Europe, and Asia. The attacks included the use of spear-phishing emails and the installation of malware on targeted systems, potentially providing a gateway to the companies’ Wi-Fi networks.
• Havex malware attack: In 2013, a group of hackers known as Energetic Bear targeted several industries, including manufacturing and energy. The attacks included the use of spear-phishing emails and the installation of malware known as Havex on targeted systems. The malware was designed to collect data on the systems, potentially including login credentials for Wi-Fi networks used by the manufacturers.
• Trisis malware attack: In 2017, a malware attack known as Trisis targeted a Saudi Arabian petrochemical plant. The malware was designed to manipulate the plant’s safety systems, potentially causing a catastrophic industrial accident. The attack reportedly exploited vulnerabilities in the plant’s Wi-Fi network.

Retailers Caught with Their Wi-Fi Pants Down

In the retail industry, Wi-Fi authentication is used for both internal and external purposes. Retailers use Wi-Fi networks to provide internet access to their customers, but also to manage their inventory and point-of-sale systems. Strong authentication is important for protecting sensitive customer information and preventing unauthorized access to sales data.

Retailers are also vulnerable to cyber-attacks that target their Wi-Fi networks. Here are some examples of notable cyber-attacks against retailers that targeted Wi-Fi networks:

• Target data breach: In 2013, hackers gained access to Target’s network through a vulnerability in the company’s HVAC system, which was connected to Target’s Wi-Fi network. The hackers stole data on 40 million credit and debit cards and 70 million customer records.
• Home Depot data breach: In 2014, hackers gained access to Home Depot’s network through a vulnerability in the company’s Wi-Fi network. The hackers stole data on 56 million credit and debit cards and 53 million customer email addresses.
• Wendy’s data breach: In 2016, hackers gained access to Wendy’s network through a vulnerability in the company’s Wi-Fi network. The hackers stole data on 18 million payment cards used at Wendy’s restaurants.
• Forever 21 data breach: In 2017, hackers gained access to Forever 21’s network through a vulnerability in the company’s Wi-Fi network. The hackers stole data on credit and debit cards used at certain Forever 21 stores.

Wi-Fi Hacks in Healthcare that Just Hurt

Wi-Fi authentication is used widely across the Healthcare industry to ensure the security of patient data and to comply with HIPAA regulations. Healthcare organizations require a high level of security for their networks, as the data transmitted over them can include sensitive medical information.

There have been several notable cyber-attacks against healthcare organizations that targeted Wi-Fi networks. Here are a few examples:

• WannaCry ransomware attack: In May 2017, the WannaCry ransomware attack affected healthcare organizations in the UK, Spain, and other countries. The attack exploited a vulnerability in Microsoft Windows systems and spread quickly, encrypting data on infected machines, and demanding a ransom in exchange for the decryption key.
• VPNFilter malware attack: In 2018, the US Department of Justice announced that a group of Russian hackers known as APT28 had infected hundreds of thousands of routers with malware known as VPNFilter. The malware allowed the hackers to steal data and control the routers, potentially providing a gateway to the healthcare organizations’ Wi-Fi networks.
• ShadowPad backdoor attack: In 2017, researchers discovered that the popular CCleaner software had been compromised, with a backdoor known as ShadowPad installed on users’ systems. The backdoor allowed hackers to gain access to sensitive data, potentially including login credentials for Wi-Fi networks used by healthcare organizations.
• BlueBorne Bluetooth attack: In 2017, researchers discovered a vulnerability in Bluetooth devices that could allow hackers to take control of devices without user interaction. This could potentially allow hackers to gain access to Wi-Fi networks used by healthcare organizations, which often rely on Bluetooth-enabled devices for patient monitoring and other purposes.

If Only They Used 802.1X for Wi-Fi Authentication

As we mentioned earlier, and as some of these hacks will illustrate, 802.1x authentication is considered the most secure WiFi authentication method because it provides a way for the network to verify the identity of each client device that tries to connect to the network. Here are some reasons why:

• User authentication:1x authentication requires users to provide their unique credentials, such as username and password, before being granted access to the network. This helps ensure that only authorized users are accessing the network and that their activities can be tracked and monitored.
• Mutual authentication: In addition to verifying the identity of the client device, 802.1x authentication also verifies the identity of the network. This means that both the client and the network have to authenticate each other before allowing access, which helps prevent man-in-the-middle attacks.
• Dynamic encryption keys: With 802.1x authentication, each client device is assigned a unique encryption key that is used to secure the communication between the client and the network. These keys are dynamically generated, meaning they change frequently, which makes it difficult for attackers to intercept and decode the network traffic.
• Granular access control:1x authentication allows network administrators to define access policies based on user roles, device types, and other factors. This enables them to control exactly who has access to which parts of the network, reducing the risk of unauthorized access.

Overall, 802.1x authentication provides strong security for WiFi networks by requiring user authentication, mutual authentication, dynamic encryption keys, and granular access control. While it may be more complex to set up and manage than other authentication methods, the extra security measures it provides can help protect against a range of attacks and keep sensitive data and resources safe.