Guests N' Goblins: Exposing Wi-Fi Exfiltration Risks and Mitigation techniques

Presented at DEF CON 23 (2015), Aug. 6, 2015, 4 p.m. (60 minutes)

Wi-Fi is a pervasive part of everyone's everyday life. Whether they are home networks, open hotspots at cafés, corporate networks or corporate guest networks, Wi-Fi networks can be found virtually everywhere. Fortunately, for the security minded, some steps are taken to secure these weak points in one's infrastructure. Usually this is done through some form of registration page, which is common in the case of guest networks. But is this enough? And what new threats could be unleashed from even the most isolated of Wi-Fi networks?

In the most paranoid of cases, companies will generally attempt to isolate Wi-Fi networks from their official networks in order to protect their own assets from attacks, while still ensuring that Wi-Fi is convenient for end users. But there is another way to attack a company that could be damaging to the host company and harmful to other targets. This presentation will go over the utilization of various techniques of getting onto and getting out through publicly accessible Wi-Fi networks for nefarious purposes, termed Wi-Fi Exfiltration. Through this technique one is able to obfuscate their identity by using the host of the Wi-Fi's identity, thus implicating the host in the attack.

During the presentation we will cover the findings from our tests along with a list of recommendations for what can be done to mitigate this risk. This is a must-attend session for all security professionals and high-level management.


Presenters:

  • Naveed Ul Islam - Managing Consultant, TELUS
    Naveed Ul Islam (BEE Telecom/DSP, CISSP, SABSA-SCF) is a Managing Consultant at TELUS and Security Intelligence architect within the TELUS Cyber Security Investigation Unit. Naveed’s other interests are in application forensics and enterprise security architecture. Naveed’s prior duties with TELUS include securing what was then the world’s largest PKI infrastructure, known as Secure Channel. In addition, he was responsible for the secure implementation of the TELUS Health Space infrastructure. He led application security practices within TELUS Health, where he was able to incorporate the software security lifecycle into software development practices. He has also been a part of security incident response and penetration testing teams. Prior to TELUS, Naveed was a security consultant for Microsoft USA, where he performed security and privacy audits of Microsoft’s core-business related websites. He has secured several key sites such as the Microsoft XBOX 360 host web site and Microsoft’s internal auction site known as Micronews.
  • Joshua Brierton - Sr. Security Analyst, TELUS Communications
    Joshua Brierton is a Sr. Security Analyst at TELUS Communications Inc., where he works with a team of SIEM specialists to provide customers with a cloud SIEM service offering. He works primarily on rule development and user workflows; his other interests in the field include developing tools to help automate and expedite repetitive work to increase user efficiency. During his time at TELUS he has worked with various teams providing security solutions from VPN services to IPS services, along with outsourced development for a variety of other well-known SIEMs. Prior to TELUS he worked for 5 years with Intellitactics Inc. doing development and device support for the content of the SIEM they provided. Collectively, Josh has been working with a variety of SIEMs for 10 years.
  • Peter Desfigies - Cyber Security Investigations Unit, TELUS Security Solutions
    Peter Desfigies is a Security Consultant at TELUS Communications Inc., where he works with a team of other operations analysts to proactively investigate and analyze customer traffic, while also providing threat intelligence on attacks, campaigns, and zero-days in order to protect customers’ environments and enhance their security posture. During his time at TELUS, he has worked with a variety of teams providing LAN, WAN, Telco, Security and hardware break/fix support, and now Security Analysis for government and corporate customers. Prior to TELUS, he worked for 12 years in IT operations roles providing backbone network support including DNS, SMTP, POP, dialup, T1 to OC12, and Ethernet at various companies, with the bulk of his experience at UUNET / MCI.
  • Panel
