Lieberman Software
Monday October 20th 2014
Innovation Leaders in Privileged Management

Going Wired-Only is Best Defense Against Android Man-in-the-Middle

As a new wireless network sniffing app for Android – reportedly with attack, man-in-the-middle and remote trojan facilities – is being released, wireless connections may no longer be the best option for network deployments.

The development of dark apps such as the Android Network Toolkit means that anyone armed with an Android smartphone or tablet can become a wireless network hacker.

The fact that this app has been released by a security vendor is irrelevant. As Russia’s Elcomsoft has proven, it is possible to release software that allows hackers to dramatically speed up their rate of attack analysis on networks and corporate computer systems under the guise of offering “security analysis software” to the industry.

The release of Android Network Toolkit, however, pushes things to an entirely new level, since it means that hacker script kiddies and newbies can play with IT resources that are accessible wirelessly. Words like “irresponsible” and “short-sighted” spring to mind here, but the bad news for corporate IT managers is that these discussions are now irrelevant, as the genie is truly out of the bottle.

Against this backdrop, companies should begin to “think wired security” when it comes to network planning and deployments, as it is now clear that wireless connections have to be considered as an insecure networking medium.

The problem facing IT security managers is that the development of on-demand WiFi password cracking services, such as WPAcracker.com and “password recovery” applications from Elcomsoft, means that even novice hackers now have the capability to launch successful incursions into most wireless networks.

Yes, there is an argument that VPN authentication and encryption can secure a wireless connection, but the big question that IT managers must now ask themselves when deploying a network is whether wireless is truly the best solution for their organisation. The VPN for my Android phone (Motorola Global 2 and others of a similar variety) does not work reliably. There is also no wired connection for my device. Consequently, VPN and wired options do not exist for many consumer/commercial devices. Oh happy day for hackers!

With wired networking connections being far more secure and offering far higher speeds than those achievable using WiFi technology, there is now a pressing argument to opt for wired connections only.

Implement a Guest Network

By all means, install a guest WiFi network in your office building to offer a wireless networking option to guests in the lobby or meeting rooms, but only hook the service up to the public Internet and not the corporate IT resource. That way, if a guest wants to access email or other resources, they can do so without increasing the risk to your company’s systems. With free apps like Android Network Toolkit, the barrier to would-be wireless hackers is now so low as to be non-existent.

All it takes is one wireless configuration error, and Android-equipped hackers can gain access to the corporate network – and then all hell can break loose. IT managers now need to think seriously about ditching their wireless networks and going over to the security benefits that only a hard-wired company network environment can offer.
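One way to catch that kind of configuration error before it matters is to audit the guest segment's firewall policy for any path into corporate address space. The following is an added example, not part of the original post; the subnets, the `(action, source, destination)` rule format and the first-match, default-deny semantics are assumptions made for illustration.

```python
import ipaddress

# Constructed sample addressing (assumption): guest WiFi and corporate ranges.
GUEST = "192.168.50.0/24"
CORPORATE = ["10.0.0.0/8", "172.16.0.0/12"]

# Constructed policies: ordered, first match wins, default deny.
GOOD_RULES = [("deny", GUEST, "10.0.0.0/8"),
              ("deny", GUEST, "172.16.0.0/12"),
              ("allow", GUEST, "0.0.0.0/0")]
# A single misplaced exception ahead of the denies.
BAD_RULES = [("allow", GUEST, "10.20.0.0/16")] + GOOD_RULES
# A corporate range that was never denied.
MISSING_DENY = [("deny", GUEST, "10.0.0.0/8"), ("allow", GUEST, "0.0.0.0/0")]

def _subtract(nets, dst):
    """Remove dst from every network in nets (CIDR blocks nest or are disjoint)."""
    out = []
    for r in nets:
        if r.subnet_of(dst):
            continue                      # fully decided by this rule
        if dst.subnet_of(r):
            out.extend(r.address_exclude(dst))
        else:
            out.append(r)
    return out

def guest_leaks(rules, guest=GUEST, corporate=CORPORATE):
    """Return (rule_index, network) for each corporate range guests can reach."""
    guest = ipaddress.ip_network(guest)
    remaining = [ipaddress.ip_network(c) for c in corporate]  # still undecided
    leaks = []
    for idx, (action, src, dst) in enumerate(rules):
        src, dst = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        if not src.overlaps(guest):
            continue
        if action == "allow":
            # The reachable part is the smaller of the two overlapping blocks.
            leaks += [(idx, r if r.subnet_of(dst) else dst)
                      for r in remaining if r.overlaps(dst)]
        elif not guest.subnet_of(src):
            continue  # a deny covering only part of the guest net is not relied on
        remaining = _subtract(remaining, dst)
    return leaks

if __name__ == "__main__":
    for name, rules in [("good", GOOD_RULES), ("bad", BAD_RULES),
                        ("missing deny", MISSING_DENY)]:
        print(name, [(i, str(n)) for i, n in guest_leaks(rules)])
```

An empty result means no rule lets the guest subnet reach a corporate range; any entry names the offending rule and the exposed block.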

What do you think, are you concerned about the Android Network Toolkit? Share your thoughts on the blog below. You can also follow me on Twitter: @liebsoft.
