Commjacking - The latest trending Cyber Threat

Commjacking ÔÇô The latest trending Cyber Threat

In the era of ever increasing connected society through WiFi and Cellular network, there is recent cyber threat making a round named “Commjacking”. It basically hijacks the communication between the device and WiFi/Cellular network the device is connected to. By hijacking the communication, attackers are able to eavesdrop on dialogues, intercept data exchange to and from the device and manipulate the data, or the device itself.
We usually assume that a wireless signal used by mobile computing device is trusted source of Internet access, however the criminal minds have started to abuse that trust by setting up fake wireless network using commjacking technique for nefarious use. This is happening due to the easy affordability of interception techniques available as open source kits amounting few dollars. Once a mobile device connects to this “hotspot honeypot”, attacker can start stealing the data including emails and financial transactions.
Modus of operandi adopted by attacker is either launching targeted attacks to the individuals or performing access point mapping by intercepting everyone in location such as coffee shops, airline lounge, Wi-Fi hotspots etc. Attacker typically uses a small hardware device to create a "hotspot honeypot" and steal the credentials of legitimate earlier accessed known Wi-Fi networks. Next time when users log in to what they think is a same Wi-Fi network, they actually access a rouge access point implanted to steal credentials and personal information. Although we know that the public hotspots are not secure enough, we still use it to access the Internet using Wi-Fi networks at various places like libraries, hotels, coffee shops and airports and make ourselves vulnerable to commjacking acts. Situation is expected to get grim once the usage IoT (Internet of Things) penetrates further as the number of household devices will start communicating using radio signal.
There are noteworthy known cases of commjacking attacks published in public domain. Obvious question comes to our mind is “How do we detect and protect from such attacks?”. Although we attempt to make our systems and network immune to an extent to malware attacks, denial of service attacks and other internet attacks by applying controls at various OSI layers, these controls are not meant for radio signals.
Security experts suggest using controls like encrypting the Wi-Fi communication, using the IPsec/SSL VPN connections while using public Wi-Fi or avoid completely using the public Wi-Fi in the first place to thwart such attacks to an extent. There are very few known commercial solutions available to prevent from such attacks. Knowing this, corporates have to evaluate the risks and deploy possible mitigating controls prior to allowing mobile workforce, the usage of public hotspots for Internet and Intranet access. Public hotspot providers need to strengthen the perimeter controls along with physical controls to detect and prevent the insertion of rouge wireless devices in their perimeter. Individuals also need to be very cautious while using the Internet of public hotspots and minimize any transaction involving personnel and financial information.

Rate this article: 
4
Average: 4 (1 vote)
Article category: 

Comments

I think one way to prevent this kind of attack is if the user sees two hot spots with the same SSID in a public place which obviously implies that one of them is a "hotspot honeypot". He can then alert the legitimate hot spot provider to locate the rogue device...

Yes. It is possible. However most of us will be ignorant and fall victim to the social engineering tricks of the adversaries.  

Pages