SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
US students hack school WiFi network
Tue, 9th Apr 2019
FYI, this story is more than a year old

Two high school students in the United States were arrested for allegedly hacking their school's WiFi network to avoid taking a test, proving that education institutions still have work to do when it comes to securing their networks.

According to a report from CBS, two 14-year-olds apparently hired a private company to hack and disable the school's WiFi over several days in March this year. As a result, teachers were unable to conduct tests or lessons that depended on internet access.

The students are now facing charges including ‘conspiracy to commit computer criminal activity', and ‘computer criminal activity'.

“Our Wi-Fi connection was compromised over the past week. We have determined that two students may have been involved in the disruption of our system,” Secaucus School superintendent Jennifer Montesano said in a statement.

According to security certificate issuer DigiCert, there are a number of ways to strengthen WiFi networks:

1.    Use sophisticated passwords

Like all passwords, the WPA2 password used to secure wireless networks should be long and sophisticated enough to foil hackers attempting to “aircrack” passwords. Personal names, simple dictionary words, or easily guessed numbers should be avoided.

2.    Change the default WiFi admin username and password

The easy first step to improved security is to change the default username and password. Since most routers don't require a physical connection to log into the admin interface, eliminating this vulnerability removes the lowest hanging fruit available to hackers.

3.    Use the latest WiFi encryption

If hardware can only support WEP or WPA encryption, look at replacing it. The Wi-Fi Alliance strongly recommends the uniform adoption of WPA2. Cutting-edge encryption has been proven to be secure against even the most committed attackers if it is properly implemented. Enterprise environment managers should use the additional protection afforded by dedicated digital certificates.

4.    Encrypt WiFi router admin pages

Secure administrative login pages with a digital certificate for WiFi. The self-signed certificates that come pre-installed on some routers are publicly untrusted, easy to duplicate, and vulnerable to Man-In-The-Middle (MITM) attacks. SSL Certificates from trusted Certificate Authorities will ensure that all of communication via WiFi remains secure and private. If the router doesn't cover digital certificates in the quick start guide, look for instructions on the manufacturer's support website.

5.    Update the WiFi router firmware frequently

Research shows that up to 80% of routers ship with severe security vulnerabilities. Part of the reason for this is the obsolete firmware that is included and automatic updates that are turned off by default. Like other aspects of a network, timely updates are an essential part of any security plan. Ignoring the firmware updates will ensure that network security will fall further and further behind as new exploits are devised by hackers.

6.    Consider locking down MAC addresses

While this may not be practical in larger networks, admins on smaller networks can lock down MAC addresses to have a high level of control. Wireless routers and Access Points rely on access control methods like MAC (Media Access Control) address filtering to prohibit network requests from potential attackers. 
Every WiFi-enabled device is assigned a unique MAC or physical address and maintains a list of devices that can connect to them. Admins can manually input addresses to designate exactly who can connect to a network, although be aware that there are tools that allow attackers to fake MAC addresses.

7.    Train users not to auto-connect

Employees might be tempted to set their devices up to auto-connect to any WiFi signal it encounters. This is especially dangerous in situations where it would otherwise obvious to users that it would be unwise to check their email, due to the possibility of a nearby hacker sniffing the network, but their device connects without asking for permission. Another danger comes in the form of hotspots created specifically by hackers with the sole goal of hacking into connected devices.

8.    Use always-on SSL

The same reasons recommendations to use HTTPS everywhere throughout on a  website apply equally to WiFi. Accessing an account on an encrypted page and then continuing to interact with the site via unencrypted pages leaves the user vulnerable to session sidejacking.