Mobile Threats

WLAN and Mobile Threats

WLAN Threats
Wireless technology has become the standard for users and other endpoints due to its numerous
advantages over wired networks. However, it brings a significant disadvantage related to security
because of its borderless nature. The following are some of the top Wireless LAN threats published by
techtarget.com in 2022.

1. IP and MAC spoofing


If bad actors succeed in penetrating the corporate WLAN, they can employ various
spoofing techniques, such as manipulating a trusted device's MAC address or the source IP
address in packet headers. This allows them to impersonate trusted devices, so that spoofed
communications may be accepted without anyone noticing. Spoofing attacks, including DDoS botnets
and man-in-the-middle tactics, present complex challenges for organizations. Addressing
concerns like IP and MAC spoofing is difficult, and even simple actions, like replying to the wrong
email, can trigger email spoofing attacks. Contrary to misconceptions about size, businesses of any
scale are susceptible to IP spoofing, where even a moderately skilled attacker, lacking proper training
or equipment, can easily bypass defenses and access sensitive data.

2. DNS cache spoofing/poisoning


This happens when an unauthorized device infiltrates the WLAN and attempts to modify the DNS
server used by connected clients. This manipulation redirects users trying to access trusted
resources to malicious sites. The process involves three stages: first, identifying DNS server
vulnerabilities; second, replacing legitimate DNS entries with fake ones; and third, luring users to
malicious websites to gain access to their sensitive data. This attack takes advantage of the DNS
system's trust, injecting false IP addresses and returning deceptive responses to redirect users
and compromise their information.

3. Rogue/evil twin access points


This threat involves deceiving users into connecting to a fake Wi-Fi access point, known as an
evil-twin network. Hackers exploit this connection to gain unrestricted access. Named for its ability
to mimic legitimate networks effectively, the evil-twin attack is challenging to detect. Hackers
prefer crowded locations, where several access points with similar names abound, so the
fake network does not arouse suspicion. They create a new hotspot with the same SSID as the authentic
network, gaining access to devices like phones and computers. Additionally, hackers may set up a
captive portal that prompts users for a password or other details, enabling them to copy this
information. By strategically positioning their device or router close to victims, hackers enhance
the signal strength for a more potent impact.
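The evil-twin traits described above (same SSID, stronger signal), and the copied MAC address from item 1, can be checked against an inventory of authorized access points. The following is an added example, not part of the original document; the SSID, BSSIDs, inventory layout, and scan records are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed inventory of authorized APs: SSID -> {BSSID: (channel, security)}.
AUTHORIZED = {"CorpWLAN": {
    "aa:bb:cc:00:00:01": (1, "WPA2-Enterprise"),
    "aa:bb:cc:00:00:02": (6, "WPA2-Enterprise"),
}}

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    channel: int
    security: str
    rssi_dbm: int  # closer to 0 means a stronger signal

def find_evil_twins(scan, authorized=AUTHORIZED):
    """Map each suspicious BSSID to the reasons it was flagged."""
    best_known = {}  # SSID -> strongest RSSI seen from a listed AP
    for b in scan:
        if b.bssid.lower() in authorized.get(b.ssid, {}):
            best_known[b.ssid] = max(best_known.get(b.ssid, -200), b.rssi_dbm)
    findings = {}
    for b in scan:
        known = authorized.get(b.ssid)
        if not known:
            continue  # not an SSID we own
        reasons = []
        expected = known.get(b.bssid.lower())
        if expected is None:
            reasons.append("unlisted BSSID advertising an authorized SSID")
            if b.ssid in best_known and b.rssi_dbm > best_known[b.ssid]:
                reasons.append("stronger signal than every authorized AP")
        elif (b.channel, b.security) != expected:
            # A copied BSSID (MAC) must also match channel and security.
            reasons.append("listed BSSID with unexpected channel or security")
        if b.security not in {sec for _, sec in known.values()}:
            reasons.append("security differs from inventory: " + b.security)
        if reasons:
            findings.setdefault(b.bssid.lower(), []).extend(reasons)
    return findings

SCAN = [  # constructed scan results for illustration
    Beacon("CorpWLAN", "aa:bb:cc:00:00:01", 1, "WPA2-Enterprise", -62),
    Beacon("CorpWLAN", "DE:AD:BE:EF:00:99", 11, "Open", -38),
    Beacon("CoffeeShop", "11:22:33:44:55:66", 3, "WPA2-Personal", -50),
]
if __name__ == "__main__":
    print(find_evil_twins(SCAN))
```

A twin that copies the BSSID, channel, and security settings exactly passes these checks, so inventory comparison complements rather than replaces mutual authentication such as WPA2-Enterprise with server certificate validation.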

Mobile Threats
Mobile security threats continue to evolve and become more sophisticated each year. According to an
article by zdnet.com, here are the top three out of nine mobile security threats published in 2023.

1. Phishing, Smishing, and Vishing:


All these threats fall under the category of social engineering. They involve someone
impersonating a trustworthy entity and using various methods, such as emails, messages, or
websites, to deceive users into divulging sensitive information, including credentials,
credit card numbers, or personal details. Phishing is a method where a threat actor employs
emails, messages, or websites to obtain sensitive information. Smishing delivers such
attempts through SMS text messages, which usually contain links to malicious websites or
requests for sensitive information. Meanwhile, vishing uses voice communication: attackers
make phone calls or send voice messages with the aim of deceiving victims into revealing their
personal or other sensitive information.

2. Physical Security:
This is a critical concern, primarily due to the risk of theft associated with the compact size and
high market value of mobile devices. The theft of such devices can result in financial loss and
potential exposure of personal data, leading to identity theft or privacy breaches. Unauthorized
access poses another significant threat, especially when devices are left unattended or unlocked,
making them vulnerable to manipulation by malicious individuals. This can lead to data
breaches, privacy violations, and the installation of unauthorized applications, compromising
both device functionality and the user's personal data. An additional discreet yet effective method
employed by attackers is "shoulder surfing," where users' actions, such as PIN entry, are
observed closely. This tactic enables unauthorized access to the device or sensitive applications,
posing a risk to personal information. Physical tampering, involving the alteration of device
hardware, is a less common but technical approach that can have destructive impacts. Malicious
actors may attempt to modify device hardware to bypass security measures, compromise data
integrity, or gain access to stored information, even extending to critical network infrastructures.

3. SIM Hijacking/Swapping:
This threat involves exploiting a legitimate service provided by telecom companies, typically
used when customers want to switch their SIM cards and mobile phone numbers between
operators or handsets. Threat actors use various methods, including social media platforms,
phishing, and sometimes purchasing victims' personal data from the dark web, to gather
information such as birthdays, mother’s maiden names, and high schools. Subsequently, they
contact the mobile carrier, posing as the legitimate user. If successful in answering security
questions, they can now move the victim’s mobile number to a new SIM card. This grants them
access to online accounts, allowing them to intercept calls and texts and potentially acquire two-
factor authentication codes, posing severe risks to privacy and account security. While SIM
hijacking requires targeted effort, its success can have disastrous consequences for victims.

Vulnerability Analysis Plan
Applying the vulnerability assessment process published by esecurityplanet.com, Dynamic Media can
utilize the seven-step approach.

1. Define Parameters and Plan Assessment:


Define the assessment's scope, which includes the WLAN, mobile devices, and network
infrastructure. Identify and document all assets and establish baselines for their risk tolerance,
user permissions, and security capabilities.

2. Scan Network for Vulnerabilities:


Use automated vulnerability scanner tools to scan the WLAN, mobile devices, and network
infrastructure for security vulnerabilities. Consider using free and open-source vulnerability
scanners to simplify the process.

3. Analyze Results:
Analyze the vulnerability scan results to identify and prioritize security vulnerabilities, especially
related to the WLAN and mobile devices. Consider the criticality and likelihood of exploitation of
each vulnerability.

4. Prioritize Vulnerabilities:
This process involves finding and fixing important weaknesses that present immediate security
threats to the WLAN and mobile devices. This includes identifying vulnerabilities that might lead
to unauthorized access or data breaches, prioritizing those that could affect network and device
security, especially with the company's growth or plans for a public offering. The approach
includes creating a plan to tackle critical vulnerabilities first, followed by those with potential
future exploits, and then addressing other vulnerabilities gradually over time.

5. Create the Vulnerability Assessment Report:


Documents can be created to detail all discovered vulnerabilities, their severity, potential attack
vectors, and proposed solutions. These documents should incorporate visualizations and
explanations tailored for less-technical business leaders, such as the CEO.

6. Use Results to Inform Remediation and Mitigation:


Develop a WLAN and mobile security plan based on the vulnerability assessment findings.
Prioritize security adjustments and mitigation strategies to strengthen the wireless and mobile
security posture.

7. Regularly Repeat Vulnerability Assessments:


Establish a plan for regular and comprehensive vulnerability assessments to address evolving
threats, especially as the company anticipates growth and a potential public offering.

By following these steps, Dynamic Media will be able to establish a comprehensive vulnerability
assessment to strengthen its wireless and mobile security posture, address the CEO's concerns, and
prepare for potential growth.

References
Froehlich, A. (2022, November 28). WLAN security: Best practices for wireless network security. Security.
https://www.techtarget.com/searchsecurity/WLAN-security-Best-practices-for-wireless-network-security
Osborne, C. (2023, October 18). 9 top mobile security threats and how you can avoid them. ZDNET.
https://www.zdnet.com/article/9-top-mobile-security-threats-and-how-you-can-avoid-them/
Hiter, S. (2023, June 6). 7 steps of the vulnerability assessment process explained. eSecurity Planet.
https://www.esecurityplanet.com/networks/vulnerability-assessment-process/
Iliadis, F., & Iliadis, F. (2023, September 5). Mobile Device Security | Baeldung on Computer Science.
Baeldung on Computer Science. https://www.baeldung.com/cs/mobile-device-security
What is DNS spoofing? Function, examples, and prevention. (2023, June 19). G2.
https://www.g2.com/articles/dns-spoofing
Mavrommatis, K. (2022). Confronting and intrusion detection techniques of cyber-attacks in wired
and wireless communication networks. In Proceedings of the 26th Pan-Hellenic Conference on
Informatics (pp. 290–295). Athens, Greece: ACM. https://doi.org/10.1145/3575879.3576007
Keary, T., & Keary, T. (2023, March 14). A guide to spoofing attacks and how to prevent them in 2024.
Comparitech. https://www.comparitech.com/net-admin/spoofing-attacks-guide/
