Device (Wi-Fi) Security Study HKCERT.pptx

www.slideproject.com 3
Team
Yousef S. Almatieb
ID:120220023
Prof. Dr. Eng. Mohammad A. Mikki
Supervisor

www.slideproject.com
Outline
4
4
Background
Wi-Fi Security Study
Security Analysis of IoT Device (Wi-Fi)
Summary
Security Study of Configuring Wi-Fi IoT Environment

Introduction
5
This article delineates security research on two aspects of configuring :
1- The Wi-Fi IoT environment.
2- Wi-Fi IoT devices.
 Followed by security advices for general users and developers about Wi-Fi IoT configuration
and devices.
The information contained in this document is intended to provide general information and for
reference only.
This article explores authentication, encryption protocols, and offers security recommendations
for Wi-Fi setup.

Bluetooth vs. WiFi — Which Is
Better For Connectivity For IoT
Development

https://www.intuz.com/blog/bluetooth-vs-wifi-connectivity-for-iot-development

1- Background
8
8
IoT applications diversify with wireless tech development.
IoT devices require specific wireless tech for their
needs; Wi-Fi, with its speed and ease, is most popular.
Wi-Fi is advantageous as it suits the networking
needs of most IoT devices, such as routers,
cameras, and smart home appliances commonly
used in daily life.
IoT devices require specific wireless tech for their needs; Wi-Fi, with its
speed and ease, is most popular.

Cont.
9
9
Cybersecurity risk must not be ignored.
Users often neglect IoT update patches,
leaving devices vulnerable to cyberattacks.
Few security programs exist for IoT
devices.
Any IoT devices connecting to the Internet
through Wi-Fi may encounter security
threats from the Internet.
HKCERT conducts security tests and research on Wi-Fi and IoT devices to enhance user and
developer awareness.

2- Wi-Fi Security Study
10
Wi-Fi is commonly used in smart homes, connecting webcams and appliances to the Internet,
enabling remote monitoring via mobile or computer apps (Fig. 2.1).
Attackers can breach Wi-Fi networks, crack passwords, and exploit device flaws for data leaks
or remote code execution.
Wi-Fi IoT devices use case

Cont.
11
For Wi-Fi IoT security, focus on two key aspects:
1- Secure Wi-Fi IoT by configuring it to prevent hacking, isolating it from computer and
mobile networks.
2- Ensure the security of Wi-Fi-connected IoT devices and patch device vulnerabilities in a
timely manner

3- Security Study of Configuring Wi-Fi IoT Environment
12
3.1 Security Analysis of Wi-Fi Authentication and Encryption Protocol.
3.2 Security Analysis of WPA2+AES.
3.3 Recommendations for Configuring Wi-Fi IoT Environment.

Cont.
13
13
In Wi-Fi technology, security involves two aspects:
1- Controlling who can connect to and configure the Wi-Fi network and equipment.
2- Securing the data travelling wirelessly across Wi-Fi network from unauthorised view
 To achieve these aspects, authentication and wireless data encryption are necessary before
IoT devices can connect to the network

What are the five types of Wi-Fi
authentication and encryption methods

3.1 Security Analysis of Wi-Fi Authentication and Encryption Protocol
15
There are five types of Wi-Fi authentication and encryption methods, namely:
1- Open Wi-Fi Networks.
2- Wired Equivalent Privacy (WEP).
3- Wi-Fi Protected Access (WPA).
4- Wi-Fi Protected Access 2 (WPA2).
5- Wi-Fi Protected Access 3 (WPA3)
https://www.tp-link.com/us/wpa3/

Cont.
16
16
Tab.1 The security level and recommended level of Wi-Fi authentication and
encryption methods
 WPA/WPA2 uses encryption
with TKIP and AES.
 TKIP is mostly used with WPA.
 WPA2 requires AES encryption,
AES must be used with it.

Cont.
17
 Attackers may invade vulnerable IoT devices, which in turn attacks computers
and mobile phones in the same network.
 To avoid this situation:
 Recommended separating the network of IoT devices from that of the computers and mobile
phones network when configuring the Wi-Fi IoT environment
 WPA2 + AES may risk password cracking and data leaks.
 HKCERT will perform security analysis on WPA2 + AES and provide security
recommendations.

Cont.
18
 WPA3 is the most secure and recommended Wi-Fi authentication and encryption method.
https://www.tp-link.com/us/wpa3/
 WPA3 are already on the market, and Windows 10, iOS 13 and Android 10 have added
support for WPA3.
 Most IoT devices do not support WPA3 × ……2020.
 Recommended to use WPA2 + AES mode for the configuration of the Wi-Fi IoT environment
currently.

3.2 Security Analysis of WPA2+AES
19
19
Weak passwords with WPA2 + AES are susceptible to
quick brute force cracking.
1- WPA2 + AES password requires a minimum of 8
digits
2- HKCERT used the test platform to brute force
an 8-digit weak password which was successfully
cracked within one minute (Fig).
3- Using 8-digit weak password is not secure.
Brute force WPA2+AES password

Cont.
20
20
Wi-Fi Protected Setup (WPS) function is designed to solve the rather complicated steps of
WPA / WPA2 authentication.
 Device users are recommended to disable the WPS function or use the
WPS push button connection function.
 The WPS push button connection function
allows users o press the button to turn on WPS
when needed.
 Then when the connection is successful or the
connection time limit is over, WPS will
automatically turn off to prevent it from being
brute forced.

Cont.
21
21
2- Once the PIN code (8 digit) has been cracked, even if the user changes the Wi Fi password,
the attacker can still connect to Wi-Fi through the WPS PIN code.
1- PIN code can be cracked in one day because of its limited strength.

Cont.
22
22
In addition to the password brute force, there are two vulnerabilities in WPA2+AES
named :
1-Key Reinstallation Attack (KRACK) .
2- KrØØk (also written as Kr00k) is a security vulnerability that allows some WPA2 encrypted
WiFi traffic to be decrypted.
KRACK attack logo
https://www.krackattacks.com/
 It was discovered in 2016 by the Belgian researchers Mathy Vanhoef
and Frank Piessens of the University of Leuven
 It was discovered by security company ESET in 2019

3.3 Recommendations for Configuring Wi-Fi IoT Environment
23
23
The following are the security recommendations for the Wi-Fi IoT environment configuration
for users:
1-WPA3 authentication encryption method is recommended.
2- The function can only be connected by turning off the WPS function or
using the WPS button.
4- Separate the network of IoT devices from that used by computers and mobile phones.
3- Pay attention to the vulnerability situation of Wi-Fi and update the patch to fix the
vulnerability in time.

4- Security Analysis of IoT Device (Wi-Fi)
24
24
4.1 Device Port Weak Management Vulnerability.
4.2 Transmission without Encryption Vulnerability.
4.3 Device Authentication Weak Management Vulnerability.
4.4 Security Test Result and Risk Summary of Wi-Fi IoT Devices.
4.5 Recommendations for Configuring and Designing Wi-Fi IoT Devices.

4- Security Analysis of IoT Device (Wi-Fi)
25
25
IoT devices test schematic diagram
They performed a security test on the IoT devices in the network to find vulnerabilities
in the IoT devices.

Cont.
26
26
Through testing, they found three security vulnerabilities in Wi-Fi IoT devices:
1- Device port weak management vulnerability.
2-Transmission without encryption vulnerability.
3- Device authentication weak management vulnerability.

4.1 Device Port Weak Management Vulnerability
27
27
IoT devices provide connection services through communication ports.
All devices except the smart diffuser have multiple default open ports, some of which have
weak management vulnerabilities, making them susceptible to attacks.
 The following table shows the open ports of tested devices.
Fig. 2 IoT devices open ports
 They found a vulnerability in the Telnet service running on the control port 23 opened by
the control center.

Cont.
28
28
 It allows direct login administrator account without a password.
 That is, if an attacker compromises the device, the attacker can execute malicious code
remotely to turn it into a botnet.
What is a Botnet
A botnet refers to a group of computers which have been infected by malware and have come under the control of a
malicious actor.

4.2 Transmission without Encryption Vulnerability
29
29
 The KrØØK vulnerability allows for illegal decryption of WPA2-AES encrypted data, leading
to data leakage.
 Encryption of IoT device transmission is very important,
especially for devices transmitting sensitive information, such as
webcams.
 They recommend using the HTTPS protocol in the device
management interface instead of the unencrypted HTTP protocol.
 When testing the webcam, they discovered unencrypted
transmission of sensitive data, including usernames and passwords.
https://www.hkcert.org/security-guideline/iot-device-webcam-security-study

4.3 Device Authentication Weak Management Vulnerability
30
30
 Many IoT devices, such as Wi-Fi routers, network cameras, etc., have a
management interface that uses an account password to log in.
 If the attacker breaches the device's account password and accesses its
management interface, it can lead to remote code execution and data leaks
 IoT devices must have authentication protection
measures, such as
1- Mandatory use of complex passwords.
2- Prevention of brute force attacks.
3- Two factor authentication.
According to a study by google two factor authentication can block up to 99% of phishing attacks.

4.4 Security Test Result and Risk Summary of Wi-Fi IoT Devices
31
31
Fig. 4.4.1 Security test result and risk summary of Wi-Fi IoT devices

4.5 Recommendations for Configuring and Designing Wi-Fi IoT Devices
32
32
End Users:
1- Change the default password when using the device for the first time.
2- Close unnecessary ports when using the device for the first time.
3- Password of device should be long and complex enough.
4- Enable two factor authentication protection if this option is available.
5- Check the device settings regularly. If settings are changed unexpectedly, reset the account of
device immediately and keep on monitoring.
6- Update firmware of device to the latest version.
7- Beware of security alerts of IoT devices.

Cont.
33
33
Product Developer:
1- Apply Security by design to tighten security measures in product development life cycle
2- Enforce unnecessary network communication ports not open by default and perform identity
authentication and permission management on open ports
3- Ensure the encryption of both data and password in transmission
4- Enforce change of default password for user using the webcam for the first time.
6- Apply password complexity, e.g. at least 8 characters long and must include upper and lower
cases characters, digits and special characters
7- Prevent brute force attack, e.g. lockup the account when password failed for 10 times.
8-Equip two factor authentication protection on the device.
9- Provide transparency on security vulnerabilities and continue to provide security patches for
devices to patch critical vulnerabilities as soon as possible.

5. Summary
34
34
1- Before WPA3 authentication and encryption method is widely applied, it is recommended to use
WPA2 + AES.
2- Use WPA3 once it becomes popular.
3- Separate the network of IoT devices from that used by computers and mobile phones.
4- Developers should patch Wi-Fi vulnerabilities as soon as possible and release security patches.
5- Developers can do more improvements, such as evaluating the product by referring to the
HKCERT “IoT Security Best Practice Guidelines.

Device (Wi-Fi) Security Study HKCERT.pptx

Recommended

Recommended

More Related Content

Similar to Device (Wi-Fi) Security Study HKCERT.pptx

Similar to Device (Wi-Fi) Security Study HKCERT.pptx (20)

Recently uploaded

Recently uploaded (20)

Device (Wi-Fi) Security Study HKCERT.pptx