Wifi has become the primary connection method for most of our computing devices these days. Whether laptop, tablet, games console or phone, pretty much all of our devices use some kind of wireless connection.
Up to now, the security of those connections has only really been of concern to those of us who are professionally paranoid, and large organisations wishing to offer enterprise mobility solutions. Within the enterprise, security solutions for wireless have typically focused on ease of use over security. The result has been a lacklustre record for wireless connectivity in security terms, and a broad mistrust by security professionals.
Despite improvements to the security capabilities around wireless, there are still fundamental issues. To a certain extent, wireless security isn’t that much of a big deal for IT equipment – there is always the option to turn it off, to force users to use a wired connection. However, the fast-developing Internet of Things (IoT) produces a whole new set of challenges. Once you start using radios to connect things like smoke alarms, fridges, home entertainment systems, and even biological implants to wireless networks, that connectivity becomes embedded as an essential part of everyday life. However, both users and manufacturers need to consider the security implications around such devices, and our dependence on the networks that connect them.
Wireless security is challenging because we can’t control access to the physical medium that network traffic passes across. Unencrypted communications over wireless are obviously open to passive interception and interference. As an aside, this is why you should never use an open Wifi hotspot in a café. Every packet you send across that link can be intercepted and read by anyone within a few hundred metres of your machine. If they have the right antenna, a snooper could read your network traffic from several kilometres away.
The result of concerns over the security of wireless communications was the development of Wired Equivalent Privacy, or WEP. If a network is protected by WEP, you put in a password, and your traffic is encrypted so that only your machine and other authorized machines on the network can see it. It’s called Wired Equivalent Privacy because that’s what it was intended to provide – the same level of privacy you could expect if you connected to the network with a cable. The problem with WEP is that it’s weak. Like many security enhancements bolted on to a system at the last minute, it was never intended as a complete security solution. For performance reasons, it used a very weak cipher for encrypting traffic, and as a result, it was broken almost as soon as it came into widespread use. Today, WEP is considered to be essentially as bad as an open access point, and should be avoided if at all possible.
The next iteration of security for Wifi came with the advent of Wifi Protected Access or WPA. WPA uses the same basic technique as WEP, using a passphrase as the key for negotiating encryption on the network, but wraps it in much stronger key-management mechanisms. Unfortunately, it still relies on the same underlying RC4 algorithm that WEP used, and is vulnerable to a number of attacks. The second generation – WPA2 – became a mandatory protocol for certified Wifi devices in 2006, and uses the Advanced Encryption Standard (AES) algorithm. AES is essentially the gold standard for commercial and consumer grade encryption and is used in many military systems. WPA2 also includes a number of enterprise features, ensuring that access to the network is not just reliant on a pre-shared passphrase.
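One practical way to act on the ranking above (open, then WEP, then WPA, then WPA2) is to audit what is actually visible around a site or home. The script below is an added example, not part of the original article: it parses the terse output format of `nmcli -t -f SSID,SECURITY dev wifi list` (the sample scan is constructed, not captured) and flags every network that would let a client negotiate anything weaker than WPA2.

```python
import re

# Constructed sample of `nmcli -t -f SSID,SECURITY dev wifi list` output
# (made-up SSIDs; this is not a captured scan).
SAMPLE_SCAN = """\
CafeFree:
HomeLegacy:WEP
OldRouter:WPA1
MixedMode:WPA1 WPA2
Office:WPA2 802.1X
Flat12:WPA2
Shop\\:Guest:WPA2
"""

# Ranking from the article: open < WEP < WPA (RC4/TKIP) < WPA2 (AES).
RANK = {"open": 0, "wep": 1, "wpa": 2, "wpa2": 3}

def classify(security: str) -> str:
    """Return the weakest protocol a client could be made to negotiate."""
    tokens = security.upper().split()
    if not tokens:
        return "open"
    if "WEP" in tokens:
        return "wep"
    # A mixed-mode WPA1/WPA2 network still accepts the RC4-based WPA1 handshake.
    if "WPA1" in tokens or "WPA" in tokens:
        return "wpa"
    if "WPA2" in tokens:
        return "wpa2"
    return "open"  # unrecognised capability string: treat as untrusted

def parse_scan(text: str) -> list[tuple[str, str]]:
    """Split terse nmcli lines into (ssid, security); ':' in SSIDs is escaped as '\\:'."""
    rows = []
    for line in text.splitlines():
        if not line:
            continue
        fields = re.split(r"(?<!\\):", line, maxsplit=1)
        ssid = fields[0].replace("\\:", ":")
        security = fields[1] if len(fields) > 1 else ""
        rows.append((ssid, security))
    return rows

def audit(text: str, minimum: str = "wpa2") -> list[tuple[str, str]]:
    """List (ssid, class) for networks weaker than `minimum`, worst first."""
    found = [(ssid, classify(sec)) for ssid, sec in parse_scan(text)]
    weak = [w for w in found if RANK[w[1]] < RANK[minimum]]
    return sorted(weak, key=lambda w: RANK[w[1]])

if __name__ == "__main__":
    for ssid, cls in audit(SAMPLE_SCAN):
        print(f"{ssid:12s} {cls:5s} -> reconfigure or avoid")
```

Note that a mixed WPA1/WPA2 network is ranked as WPA, since the weaker handshake is still on offer; the `minimum` argument lets you relax the bar for a legacy site.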
At the time of writing, there are a few exploits available for WPA2, but they are difficult to execute and nowhere near as easy to exploit as the vulnerabilities in the older systems. So, from that point of view, we should have nothing to worry about, right? All we have to do is make sure that as many wireless networks as possible use WPA2, and everything should be fine. Well, unfortunately, that’s not the case. WPA2 is fine for our powerful laptops, tablets and smartphones, but what kind of processor is in your thermostat? How about your fridge, or your smart meter? What about your car?
This is where we start to bump up against some basic physics. A powerful processor uses lots of energy to run (and as an aside – produces a lot of heat too). If you’re building a device that runs on batteries, a drone for example, then you want to minimize the amount of power consumed by the processor, because then you can minimize the size of the battery the drone has to carry. Less weight, more flying time. Now imagine that you’ve decided to use Wifi to connect to the drone’s camera, or any other electronic payload. The last thing you want to do is to have to expend flight energy on complex encryption operations in the processor, which not only diverts resources from the flight software, but also increases the amount of heat generated by the drone. In practice, this is what a lot of IoT engineers will do – they will look at the trade-off required by robust security versus increased endurance or snazzy sharing features, and will decide that they’d rather take the risk. Now: that’s one thing with my toy drone that I use to take videos of my roof to look for storm damage – it’s another thing entirely when it’s your pacemaker or your car’s engine management system that’s remotely accessible and not properly secured.
A lot of IoT devices use exotic sections of the radio spectrum. They do this because the Wifi sections, particularly the bands around 2.4GHz, are extremely congested and are therefore unreliable. That’s why your wireless connection often performs poorly in densely populated cities; networks get too close on the same channel and interfere with each other. To get around this, and sometimes to gain other benefits, such as extended range or greater throughput, IoT engineers will often plump for other radio frequencies. There’s a certain element of relying on obfuscation for security here too – the thinking being that most people won’t be able to find the radio signal and interfere with it. This is not the case, as anyone with a cheap software defined radio kit on their laptop will tell you.
For low-powered IoT devices, this reliance on obscurity is a serious concern, especially when security is an afterthought for most of these devices. Still other devices will rely on the mobile network, using protocols such as LTE, 3G, or even GPRS. Don’t even get me started on the security concerns around those – all I’ll say is that nation state surveillance programmes are often responsible for poor consumer level security.
Other IoT solutions, such as the Nest thermostat and the Sonos sound system I use in my house, use the local Wifi network to connect. This means that these systems are only as secure as the local Wifi network, and may even provide a vector for an attacker to get into your network. Now, again, for things like a thermostat, or a sound system, the worst that can probably happen is that someone is able to remotely control these systems and convince you that your home is haunted. But imagine that you have smoke alarms connected to the same Wifi network and someone is able to maliciously disable them. Imagine if your power supply is connected through a smart meter that is connected to the wired network, but accessible through a wireless network connected to the same home network. Imagine if your pacemaker connected to your home Wifi so that it could send alerts if it detects a heart problem, or an incipient failure, but has a poorly secured command interface accessible over the network.
Some of the scenarios outlined in this article may seem like scare-mongering. After all, new technologies have always brought new vulnerabilities, along with the great new capabilities that they are built to deliver. There’s no reason to give up on any of these opportunities, but security must be built into these solutions from the start, and we need a robust and secure connectivity platform to base them on. Whether Wifi or LTE can be turned into that platform is another question entirely.
It’s a difficult problem. What’s required is for connectivity to be easily secured across heterogeneous networks without requiring a heavy load on low-power processors. Go to it, engineers; no pressure. What’s also critical is the inclusion of security at design time for IoT devices. It is simply not acceptable to consider security as an afterthought or a bolt-on – that’s a drum we in the cyber security business have been banging on for at least thirty years (other security professions have been at it for far longer), and it is still happening! Until these issues are resolved, wireless will remain a security concern and adding IoT into the mix will not help. So: we need a secure connectivity platform that requires little energy expenditure, and we need IoT engineers to take security seriously. I’ll not be holding my breath.