NSA Warns Public Networks are Hacker Hotbeds

Agency warns attackers targeting teleworkers to steal corporate data.

The U.S. National Security Agency is offering advice to security teams looking for wireless best practices to protect corporate networks and personal devices. The recommendations, while pedestrian in scope, do offer system administrators a solid cheat sheet to share with their work-from-home crowd and mobile workforces.

For starters, the NSA, in a public service announcement posted on Thursday (PDF), urged security teams to be mindful of the wireless threats employees face when using Wi-Fi networks. It also lumped Bluetooth technology and Near Field Communications (NFC) into its list of worrisome protocols.

By now, café-based workers have likely mastered both public bathroom and Wi-Fi hotspot hygiene. But, for anyone who hasn’t, the NSA advises: “Data sent over public Wi-Fi—especially open public Wi-Fi that does not require a password to access—is vulnerable to theft or manipulation.”

The advice also warns of fake “evil twin” access points that can vacuum up user credentials and skim other personal data retrieved over them.

NSA Warns of Bluetooth

More interestingly, the agency cites Bluetooth as a convenient protocol for private use, but when used in public settings it can be a nasty security liability. The NSA advises turning off Bluetooth in public, lest a user be open to a range of attacks such as BlueBorne or BlueBugging – both used to access and exfiltrate corporate data on targeted devices.

Just last May, security researcher Fabian Braunlein with Positive Security identified Apple’s Send My Bluetooth exploit, which allowed data to be exfiltrated from a device to an attacker-controlled Apple iCloud server.

Worrisome NFC

The NSA also touched on Near Field Communications (NFC), a handy tool for contactless payments. It said data transfer between devices using NFC can be a cybersecurity minefield of pitfalls. With just a tap, data is moved across a radio network from one device to another.

Andy Norton, a cyber-risk officer with Armis, told Threatpost that security teams are lagging behind when it comes to securing NFC communications.

“Radio connected devices represent a huge risk blind spot for organizations,” Norton said. “These are very much the soft underbelly of information security controls – the majority of energy, focus, and money from a cyber resilience perspective is spent on preventing attacks coming through the internet connected attack surface. Very little is being done to access the risk from near field radio connections.”

He added that on just about every job, his team finds a “rogue antenna device and shadow IT activity from antenna-enabled IoT devices.”

In its security bulletin, the NSA suggests:

  • Disable NFC feature when not needed (if possible).
  • Do not bring devices near other unknown electronic devices. (This can trigger automatic communication.)
  • Do not use NFC to communicate passwords or sensitive data.

“Users should consider additional security measures, including limiting/disabling device location features, using strong device passwords, and only using trusted device accessories, such as original charging cords,” said the NSA.

User Behavior Biggest Cybersecurity Challenge

The NSA’s wireless warnings, while basic, still go unheeded by too many. Sadly, the practical and basic advice still needs to be promoted, experts said.

“My fear is that the don’ts are ingrained, existing behaviors that are not easy to change and at times unavoidable,” Setu Kulkarni with NTT Application Security said. “For example, while it is easy to say ‘Do not bring devices near other unknown electronic devices,’ is that practical?”

Kulkarni added that, in an ideal world, one key employee cybersecurity rule companies should have in place is keeping personal stuff off their business devices. Enforcing compliance gets much trickier.

“These tips are as relevant in 2021 as they were in 2015, but with the shift to more remote work, there are more people using public Wi-Fi,” said Tim Erlin with Tripwire. “While these tips are useful, it can be hard for the average user to understand how to implement them. There’s really a substantial amount of work here for the average user to comply with the recommended settings.”
