Do You Trust Your Home Wi-Fi?

We’ve been talking a lot lately on how crucial it is for organizations to enable a Trusted Wireless Environment. Now that working remotely is our “new normal,” and not every company is able to send an AP225W wall plate access point home with everyone, we covered 5 tips that would keep remote workers safe and Wi-Fi hackers away in a previous blog, but here’s a refresher:

  1. Connect to your company’s network via VPN (virtual private network).
  2. Change the SSID (service set identifier) in your home cable model or router to ‘hide’ to keep Wi-Fi hackers away.
  3. Use a WPA2-, or if you can, WPA3-protected modem/router.
  4. Change the password to your Wi-Fi network frequently. Don’t use the default settings.
  5. Create a guest network for people in your household, so that they can connect to it without getting access to your company’s network.

Although these Wi-Fi tips will keep you and your loved ones safe, they won’t always protect you against the six known Wi-Fi threat categories.

  • Rogue Access Point: Allows attackers to bypass perimeter security.
  • Rogue Client: Delivers malware payloads to the network after connecting to malicious APs.
  • Neighbor Access Point or Client Misassociation: Risks infection from connecting to other SSIDs while in range of the authorized AP.
  • Ad-Hoc Network: Uses peer-to-peer connections to evade security controls and risk exposure to malware.
  • “Evil Twin” Access Point: Lures users to connect to it so as to spy on traffic, steal data and infect systems.
  • Misconfigured Access Point: Opens networks to attack as a result of configuration errors.

All these threats are not new and have been around since Wi-Fi went mainstream 21 years ago. But one thing that has remained the same and is so shocking to me – there are no security standards around Layer 2 Wi-Fi to keep Wi-Fi users like you and me safe. This is why I’m advocating for change. We all deserve to connect to Wi-Fi we can trust. I want to be able to connect to Wi-Fi at home or in my favorite coffee shop and not have to look around wondering if the person sitting next to me on their laptop is a hacker. Hackers prefer to go after Wi-Fi because it’s the weak link in the security chain and it doesn’t take much to hack into a Wi-Fi network.

So, what can we do today to help build the future of a secure Wi-Fi standard across the world? Everyone can join the Trusted Wireless Environment movement and advocate for global security standard for Wi-Fi. Visit www.TrustedWirelessEnvironment.com today! Every signature we collect will help us partner with organizations such as the Congressional Wi-Fi Caucus, WiFiForward, PCI Security Standards Council, Wi-FiNOW, IEEE, and Wi-Fi Alliance to name a few. These organizations help build security standards for businesses around the world and we want to join forces by collaborating with them to make this world a safer place.

Stay safe, everyone!

#TrustYourWiFi

Top Cyber Threats Taking Advantage of the Pandemic Situation

This week, WatchGuard CTO Corey Nachreiner joined our Wi-Fi security experts to discuss top cyber threats that are intensifying in the United States and globally due to the pandemic situation. This trend is not unique to COVID-19. Hackers have always used disasters such as tsunamis and earthquakes, and high-profile events around the world to prey on victims, and this global pandemic is no exception.

Corey offers tips and advice for free tools and online education on email phishing, malware, and pro tips for the hardcore IT professional in organizations of all shapes and sizes on ways to configure VPN policy for various employees.

 

 

Stay safe everyone!

What Should Businesses Anticipate as People Go Back to Work

Business all over the world have been caught by surprise with the sudden demands from employees needing to work from home. This huge change in operations not only puts a strain on the employees but also the company’s network infrastructure.

Was your business prepared to support remote employees at this level? A lot of companies scrambled to keep the employees productive and security may have fallen to the sideline. New business continuity plans and Wi-Fi security training along with updated network infrastructure, could make a transition like this go much easier. The home office will soon be an extension of your business network – so don’t let this shift compromise your business security.

Wi-Fi specialists from WatchGuard, along with a special guest, offer tips on how to best support your remote workforce and what to expect when we all get back to the office.

 

How to Keep Your Work Wi-Fi and Home Wi-Fi Happy

Working from home sounds luxurious – you’re saving time and money on your commute, pajamas and sweatpants are the new haute couture, and doing laundry in the middle of the day makes you feel super productive.

Between the kids playing video games and doing schoolwork online, and you trying to host a video web conference for work – the Wi-Fi may not be as happy. Try these tips to configure your home Wi-Fi for best performance for the family and business needs while you’re working from home.

 

WFH? Now is the Time to Retain Control of Your Wi-Fi Network

The last few weeks have been “interesting” to say the least. The global COVID-19 pandemic has forced much of the workforce to work remotely to help slow the spread of the disease. Working from home can introduce security concerns related to Wi-Fi. With more employees working from home comes the increased vulnerability of people using Wi-Fi, and there is not enough education about the very real threats they’re up against and the need for Wi-Fi security standards.

Now is the time to retain control of your Wi-Fi. I picked up my phone and called Ryan Orsi, director of product management for Wi-Fi at WatchGuard, over FaceTime. He knows Wi-Fi inside out so who else can help provide helpful guidance on keeping your Wi-Fi secure if not him?

Here is a recap of our conversation:

Milena Babayev: I can only imagine how IT departments are being flooded right now with remote worker tickets and most likely don’t have the visibility into their network or device. What do you recommend IT departments do during this time?

Ryan Orsi: Send employees AP225W access points (APs) that are pre-configured with all the necessary security policies. All remote employees have to do is just plug the AP into their home cable modem or router. This will give IT visibility into client performance and network so they can better support the remote workforce and will keep employees secure 24/7 from harmful Wi-Fi hacks.

MB: We’ve been talking a lot lately on how crucial it is for organizations to enable a Trusted Wireless Environment. If sending every employee the AP225W is not an option, is there a way for remote workers to stay safe and keep Wi-Fi hackers away?

RO: Absolutely. Here are some steps you can take at home today to ensure that your Wi-Fi is safe:

  • Connect to your company’s network via VPN (virtual private network).
  • Change the SSID (service set identifier) in your home cable model or router to ‘hide’ to keep Wi-Fi hackers away.
  • Use WPA2, or if you can, WPA3-protected modem/router.
  • Change the password to your Wi-Fi network frequently. Don’t use the default settings.
  • Create a guest network for people in your household, so that they can connect to it without getting access to your company’s network.

MB: Since we’re talking about Wi-Fi security, why do you think the Wi-Fi industry has not adopted any standards around Layer 2 security?

RO: Most all the demand over the last twenty years has been for connectivity and performance. The industry isn’t going to build something if they don’t think their market wants it. I definitely want this to change and I think vendors that normally compete need to come together and design new security into the Wi-Fi standard that solves these hacking problems for the average person without them having to take additional steps beyond what they do today: tap or click to connect.

MB: What can we do today to help build the future of secure Wi-Fi standard across the world?

RO: Everyone can join the Trusted Wireless Environment movement and advocate for global security standard for Wi-Fi. Visit www.TrustedWirelessEnvironment.com today!

Stay safe everyone! #TrustYourWiFi

Don’t Let Kr00k Bend You Out of Shape

Kr00k, a recent vulnerability found by Eset, causes devices sending traffic over Wi-Fi to send unencrypted data, like in the KRACK vulnerability. While a separate vulnerability, KRACK exploits devices by installing an all-zero encryption key, among other vulnerabilities, whereas Kr00k exploits a timing issue where the client or access point (AP) removes the key before finishing its connection leading to an all-zero encryption key. With both vulnerabilities the result leads to traffic sent unencrypted over Wi-Fi. Eset estimated that billions of devices with Broadcom and Cypress Wi-Fi chips send unencrypted traffic over WI-FI when exploited with this vulnerability. We have confirmed that no WatchGuard devices use Broadcom or Cypress chips, so no WatchGuard devices are vulnerable. Connected devices may still fall victim to this attack though.

Wi-Fi communication typically works by having clients and their connected access point take turns speaking and listening. Unless you use an Open Wi-Fi network, the devices communicate securely over the air using standards like WPA2 or WPA3, where the client and AP will create a unique key to encrypt the communication (derived from the pre-shared key (PSK) of your Wi-Fi network, or from extensible  authentication protocol (EAP) parameters in a Wi-Fi network authenticating with 802.1x). While a device waits for its turn to communicate, it stores the chunks of data in a buffer. Then, when the device’s turn comes up, it will encrypt the data using the negotiated key and send it.

This communication can continue with each device taking turns sending and receiving data. The communication between a client and AP stops when one device decides that is wants to disconnect from the network. When this happens, usually one of the devices sends a message to disconnect from the wireless network.

When connecting or disconnecting, the AP and client authenticate or deauthenticate. When the session ends, the client deauthenticates with the AP using Management Frames. Additionally, a client or AP sending Management Frames over Wi-Fi must not encrypt this traffic since they haven’t negotiated a key yet. Therefore, you can spoof a deauthentication packet to disconnect a client. Kr00ck further exploits some devices by timing the deauthentication packet. When some Broadcom or Cypress chips receive a deauthnetication packet with data in the transmit buffer, it will clear the key then send the data in the transmit buffer, leading to traffic in the transmit buffer sent unencrypted.

An adversary could easily exploit this vulnerability with a simple device like a Wi-Fi pineapple. One only needs to send deauthnetication packets and monitor the traffic. Typically, the buffer will hold up to a few kilobytes of data. While that doesn’t sound like a lot, if timed correctly, for example, one could catch login details. Attackers could also repeatedly exploit the issue to build up significant leaked data over time.

We find Kr00k a less severe vulnerably than KRACK since the client would only send a small amount of traffic unencrypted. Additionally, no one could reasonably determine when the client sends traffic with the client personal information. But this attack affects billions of devices and only a minimal amount of knowledge is needed to exploit it. The ease and reliability of this exploit make gathering information simple, even with a low success rate for the exploit, to capture personal details for every try.

Broadcom and Cypress have released patches so venders can implement them. Consumers can mitigate against Kr00k, outside of patches from vendors, by configuring the use of WPA3 only, or enabling 802.11w protected Management Frames on their Wi-Fi SSID. WatchGuard also supports enabling 802.11w protected Management Frames with our Wi-Fi Cloud solution. Also, while Wireless Intrusion Prevention System (WIPS) cannot prevent attackers from sending deauthentication or disassociation frames to clients and access points, WatchGuard’s Wi-Fi Cloud managed access points have the capability of detecting and notifying administrators about deauthentication flood attacks, which happen when an attacker attempts to take advantage of this vulnerability. On the client side, SSL encryption in HTTPS traffic does keep most data safe from this exploit, but for unencrypted traffic you can use a trusted VPN to help protect the traffic.

Ruckus (Commscope) Access Points Put to The Hackers’ Test

Did they pass? You’ll have to read on to find out…

Ruckus, which is now a part of Commscope via acuquisition in 2018, came into the business-class Wi-Fi market in 2002 with a disruptive antenna design.  At the time, the antenna technology was quite novel and utilized multiple electrically-steerable antenna arrays to focus signal to desired targets such as laptops or mobile phones, and reject noisy sources like other Wi-Fi networks and Radio Frequency (RF) interference.  Their technology has helped businesses all over the world offer rock-solid Wi-Fi service, but does it keep hackers out?

What do hackers want with Wi-Fi and who are these people anyway?  First, the desired loot of a Wi-Fi hack is the same as any other cyber attack like ransomware or botnets – information leading to money.  Unsuspecting Wi-Fi victimes can have the majority of there session silently intercepted by attackers looking for obvious information of value like usernames/passwords, credit card numbers, and less-obvious information like hotel room number and last name from a captive portal and web app session cookies.  As to the identity of these attackers…it ranges vastly from curious YouTube watchers in the hotel lobby to nation-state attackers looking to extract high-ranking corporate employee login credentials.

A major portion of today’s population uses Wi-Fi, and a subset of those users likely encounter Ruckus access points (APs). Therefore, Wi-Fi professionals at Miercom recently decided to challenge several AP vendors including Ruckus’ R510, and test if these devices can automatically detect and prevent the six known Wi-Fi threats, which if successfully prevented can keep Wi-Fi users safe from many nefarious hacking activities.  The test report shows that the R510 was able to automatically detect two of the six threats (Evil Twin AP and Ad-Hoc) – and failed to automatically detectthe other four. The R510 also failed to automatically prevent all six threats.

To prevent a Wi-Fi threat means that the Ruckus AP would send some combination of wireless frames and wired frames out to render the threat useless while the threat is within range.  Results are seen in the table below and full test details can be downloaded here.  Note the first two columns show the Ruckus R510 operating alone and the green columns show it when a WatchGuard AP125 is added to the network to protect the R510 from Wi-Fi hacks. Remember, the term Wireless Intrustion Prevention System (WIPS) is heavily abused in the industy because there is no vendor-neutral standard that defines exactly what features and capabilities an AP must have to claim it has WIPS.  That means that WIPS from Ruckus and WIPS from WatchGuard are totally different, even though the same four letters are claimed by both vendors.

This is one of the main reasons why the Trusted Wireless Environment framework was created to bring transparency to the industry and raise awareness on the seriously overlooked problem of Wi-Fi hacking.

Google It

Using the law of ‘Googling it,’ you’ll see approximately the following number of results for these search terms:

In terms of how important the topic of Wi-Fi hacking is to the Internet, it sits higher than ransomware (but lower than fruit).  Mainstream media has had a disproportionately high focus on covering ransomware stories verus Wi-Fi hacks over the past several years. This could likely be driven by the fact that the six Wi-Fi hacks are technically over twenty years old.  Hard to call it breaking news when Wi-Fi has been hackable for a few decades.  It’s also a possible reason why most AP vendors appear not to be making security a priority in their development roadmaps.

Protect Ruckus APs From Hacking with WatchGuard

Fortunately for the market, WatchGuard has been gearing its cloud-managed AP roadmap with unique security feature sets. To determine how existing Ruckus Wi-Fi networks can become Trusted Wireless Environment compliant, Miercom configured a WatchGuard AP125 AP as a security sensor dedicated to protecting the R510 from the six known Wi-Fi threats. The results show that Ruckus was 100% protected once a WatchGuard AP125 APs was added.  From a deployment perspective, network and security administrators will find a simple solution where the Ruckus APs continue to connect Wi-Fi users as usual and the WatchGuard APs act as a sort of Wireless Intrusion Prevention System (WIPS) sentry, constantly monitoring the air space and wired network for the presence of any of the six threats.

If you have an Ruckus Wi-Fi network and are wondering how many WatchGuard APs you need to add to your existing Ruckus network to protect it, any WatchGuard reseller near you has access to a professional service from WatchGuard that will provide you with a predictive simulation survey that determines the recommended number of WatchGuard APs, installation locations, and WIPS/Wi-Fi coverage range.

Testing Your Own Wi-Fi Network for Wi-Fi Hacking Vulnerability

Those interested in testing their own Ruckus Wi-Fi networks for Trusted Wireless Environment compliance can follow the Trusted Wireless Environment test guide, and contact Miercom via their website for a more thorough test involving live client workloads.

Emotet Evolves to Gain the Wi-Fi Attribute

A recent addition to the Emotet botnet, found by Binary Defense, enables this malware to spread through Wi-Fi networks. This differs from previous versions of Emotet where it only targeted local wired networks. The Emotet botnet started off as a banking trojan in 2014. Early on, it spread by email and would resend itself to its victims’ contact lists. Later, the botnet progressed to spreading additional malicious payloads, such as ransomware. Now, it has evolved once again, this time to exploit vulnerable Wi-Fi hotspots. Like many botnets, the criminal hackers behind Emotet can configure it with different modules to do a variety of malicious acts.

Before this update, Emotet already had basic worm-like spreading capabilities. If it detects a connected wired network, it tries to spread to other devices on that network using default passwords or basic password brute-forcing. This updated version, however, includes a new and unique Wi-Fi spreader, which allows the malware to jump onto insecure wireless networks like the ones found at many public Wi-Fi hotspots.

Here’s how it works:

  1. Emotet leverages the victim’s wireless adapter to enumerate the local Wi-Fi signal space, and creates a list of any wireless networks (SSIDs) it finds. The victim’s device doesn’t have to connect to any of the found networks for this Wi-Fi enumeration to take place.
  2. Once the malware identifies potential target networks nearby, it attempts to connect to them using a list of common Wi-Fi passwords. If it’s successful connecting to one, it starts the next phase of its attack.
  3. Once connected to a victim Wi-Fi network, Emotet looks for other connected devices and any publicly shared folders they might expose. If it finds one, it launches a different type of brute-force attack, this time trying to connect to the share with common users and password.
  4. If Emotet succeeds in connecting to any shares found on the Wi-Fi network, it loads a copy of itself onto that share and leverages Windows network commands to try and launch that new copy. If it succeeds, the process starts all over on a new victim.
  5. Finally, the malware also sends information about the Wi-Fi scans and new victim systems to its command and control (C&C) Once the spreading phase is complete, Emotet remains as a bot client connected to the botnet via a C&C. The criminals behind it then have full control of the victim computer and are capable of launching any malicious action depending on what Emotet modules they‘ve installed.

 

You can prevent your wireless networks from succumbing to Emotet’s Wi-Fi spreader using basic Wi-Fi access point (AP) security practices. If you manage a Wi-Fi network, make sure to protect it using the latest WPA3 security and a long password greater than 15 characters. That should prevent a random Emotet-infected computer near your AP from being able to brute-force your SSID password.

WatchGuard’s secure APs, including Cloud Wi-Fi APs, have a number of additional security features that also help protect you from parts of this Wi-Fi attack. For instance, AP client isolation can prevent Wi-Fi clients from communicating directly with one another, even when connected to the same AP. This would prevent an Emotet-infected computer that’s connected to a guest network from being able to find and infect other guests.

Wi-Fi Cloud APs also include powerful Wireless Intrusion Prevention (WIPS) features, including Neighbor AP protection. Enabling this feature prevents your users from connecting to any neighboring wireless networks within range of your office. If one of your wireless users was infected by Emotet, this would prevent that user from connecting to and infecting other Wi-Fi networks nearby. That said, it would keep the infected computer on your network, which may still be at risk, but at least it also prevents collateral damage. If you’d like to learn more about our strong WIPS features, check out our Trusted Wireless Environment page.

Good wireless security practices and WatchGuard’s Secure APs can help, but it’s still best to have security controls in place that prevent Emotet infections in the first place. Remember to implement strong anti-malware solutions (like those found in WatchGuard’s Total Security package) at a network and endpoint level. Our proactive malware detection should prevent the latest Emotet from reaching into your network.

How To Stop Wi-Fi Hackers Abusing Ubiquiti’s UniFi Access Points

Ubiquiti, a global networking technology company came onto the mainstream marketplace beginning in 2005 with a clever idea of offering products at low prices to mass markets guiding channel players to monetize their services instead of the hardware.  Every strategy has its pluses and minuses and some would say Ubiquiti’s low-price leader concept swung the pendulum too far, reducing their own ability to re-invest profits into their research and development department.  Others would say the low-price leader concept has worked and put the UniFi brand on the map alongside networking names like Cisco Meraki.  Regardless of which viewpoint you align to, the number of businesses with Ubiquiti UniFi access points around the world is impressive and therefore a prime target for cyber criminals as evidenced by vulnerability disclosed last year.

Thinking of how exposed a business would be to eavesdropping, credential theft, and web history/email theft if attackers were to hack past a UniFi access point, Wi-Fi professionals at Miercom, recently tested Ubiquiti’s UniFi Secure HD access point (AP) to determine if it could automatically detect and prevent the six known Wi-Fi threats. The UAP-AC-SHD was only able to automatically detect one of the six threats – the Evil Twin AP – and failed to automatically detect the other five. The UAP-AC-SHD also failed to automatically prevent all six threats.  Results are seen in the table below and full test details can be downloaded here.  Note the blue columns show the UAP-AC-SHD operating alone and the red columns show it when a WatchGuard AP125 is added to the network to protect the UAP-AC-SHD from Wi-Fi hacks.

If you’re a cyber security expert, you’re likely not surprised at these findings as most Wi-Fi equipment makers have put security on the back burner for years mostly because the general market doesn’t have the exposure to how severe of a problem Wi-Fi hacking is and therefore isn’t top of mind to most buyers.  However if you’re not a security expert or if you’re using a Ubiquiti access point right now, you might be a bit shocked.  Especially when the UniFi Secure HD AP contains a dedicated radio that “Constantly monitors and protects against threats” as displayed on the website.

Feeling my electrical engineering roots tugging at me, I had to dig deeper to see if there was some kind  of technical detail footnote could explain away why the dedicated security radio inside the UAP-AC-SHD appeared to be mostly ineffective at stopping major Wi-Fi hacks.  Alas!  On page 5 of the UniFi Secure HD AP datasheet was this text with the ol’ asterisk footnote:

Threat Management The UniFi SHD AP’s dedicated security radio provides persistent threat management to act as a Wireless Intrusion Prevention System (WIPS)* and Wireless Intrusion Detection System (WIDS). Such a dedicated radio affords frequency agility – meaning all available Wi-Fi channels are monitored constantly for threats – not just the channels the AP is using.

* Currently full-time rogue access point detection is the main WIPS feature of the dedicated security radio.

My footnote quest was over but I still feel unfulfilled because the UAP-AC-SHD actually failed the Rogue AP detection test causing me to chalk it up to features still under development at Ubiquiti.

You can protect your UniFi APs from Hacking

Miercom test professionals recognized that WatchGuard has been gearing its cloud-managed AP roadmap with unique security feature sets. To determine how existing Ubiquiti UniFi networks can become Trusted Wireless Environment compliant, Miercom configured a WatchGuard AP125 AP as a security sensor dedicated to protecting the UAP-AC-SHD from the six known Wi-Fi threats. The results show that Ubiquiti Wi-Fi networks that would’ve been vulnerable to the six Wi-Fi threats are 100% protected once a WatchGuard AP125 APs was added.  From a deployment perspective, network and security administrators will find a simple solution where the UniFi APs continue to connect Wi-Fi users as usual and the WatchGuard APs act as a sort of Wireless Intrusion Prevention System (WIPS) sentry, constantly monitoring the air space and wired network for presence of any of the six threats.

Wi-Fi hacking is a hot topic, but one that’s plagued by ambiguous and often contradictory technical terminology. Thankfully, there is a solution to the problem: the Trusted Wireless Environment. The Trusted Wireless Environment framework succinctly defines the six Layer 2 Wi-Fi hacks that affect nearly every business today and provides a simple test criterion to determine if a Wi-Fi network is protected from each type of attack.

Those interested in testing their own Ubiquiti Wi-Fi networks for Trusted Wireless Environment compliance can follow the Trusted Wireless Environment test guide, and contact Miercom via their website for a more thorough test involving live client workloads. Lastly, if you’re wondering how many WatchGuard APs you need to add to your existing Ubiquiti Wi-Fi network to protect it, any WatchGuard reseller near you has access to a professional service from WatchGuard that will provide you with a predictive simulation survey that determines the recommended number of WatchGuard APs, installation locations, and WIPS/Wi-Fi coverage range.

5 Hot Topics From Wi-Fi NOW 2019 London

Wi-Fi NOW, an independent organization led by Claus Hetting, exists to hold the thought leadership agenda for the Wi-Fi industry.   Their mission is to support and promote all things Wi-Fi and they work with individuals, carriers, service providers, tech vendors, and regulators.  Basically, if there’s something happening in the world of Wi-Fi, it’s discussed at one of Wi-Fi NOW’s events first.  This year their European event was held in London where I and several colleagues were in attendance, soaking up and reflecting on all the great presentations and forward-looking ideas from our fellow Wi-Fi industry peers.  In the unfortunate situation you missed the event, have no fear, below are my summary and analysis of the top five hot topics from the event that foreshadow big things are coming to anyone who uses, installs, or supports Wi-Fi ecosystem devices.

1. Wi-Fi 6

802.[insert letter here] Wi-Fi technology versioning is so yesterday people.  The Wi-Fi Alliance has adopted a more simple numbering scheme and the newest version is Wi-Fi 6.  This version of Wi-Fi is a big leap for the industry and basically makes Wi-Fi work much better in situations with large number of clients (IoT, venues, campuses) or vast amounts of traffic (AR/VR, gaming, video conferencing).  A Wi-Fi 6 client such as a laptop, smartphone, etc, connected to a Wi-Fi 6 access point or router will perform better and users will experience the stability and reliability they haven’t previously had with Wi-Fi in busy environments like airports, conference centers, train stations, and so on.  Think about the times you switch off Wi-Fi and use cellular because ‘the Wi-Fi stinks here’, well Wi-Fi 6 has some serious technology improvements that might make that situation a thing of the past:

  • Orthogonal frequency division multiple access (OFDMA) increases network efficiency
  • Target wake time (TWT) significantly improves network efficiency and device battery life, including IoT devices
  • 1024 quadrature amplitude modulation mode (1024-QAM) increases throughput for emerging, bandwidth-intensive uses by encoding more data in the same amount of spectrum
  • Transmit beamforming enables higher data rates at a given range to increase network capacity
  • Improvements apply to both 2.4GHz and 5GHz. 4GHz hasn’t seen any serious improvements since 2009

2. 6GHz

If you’ve ever read the cardboard box your home router came in or know a little about Wi-Fi, you know it operates on two frequency bands: 2.4GHz and 5GHz.  Well buckle up because we are about to see a third band added: 6GHz.  Adding more spectrum for use with Wi-Fi allows more Wi-Fi devices to send/receive at the same time (also known as reducing contention).

3. AI/ML + Wi-Fi

There are literally hundreds of driver settings that can be tweaked for a Wi-Fi radio inside a business access point or home router.  There are some serious Wi-Fi gurus out there, but no human being can possibly monitor the dynamic environment variables like traffic load, client count, temperature of room, open/closed doors, moving people and adjust theses driver settings for optimal performance.  The holy grail of Wi-Fi is to utilize artificial intelligence and machine learning algorithms to dynamically tweak radio settings and pinpoint root cause issues for common user complaints like “the Wi-Fi sucks” and present options for resolving problems to network administrators.  No one has fully cracked the code on this but there are Wi-Fi access point vendors emerging with very promising tools with the beginnings of a powerful roadmap ahead.

4. Stopping Wi-Fi Hacking

We’re celebrating the 20th anniversary of modern-day Wi-Fi in 2019.  We also have been living with six Wi-Fi hacks for all that time which allow attackers to silently intercept Wi-Fi users’ data/passwords/website traffic and more.  The industry has had to deal with WPA2 and WPA3 encryption getting hacked recently as well so the subject of protecting people from Wi-Fi hacks was top of mind at the event.  We advocated the Trusted Wireless Environment movement which raises awareness around Wi-Fi security and offers an easy way to test a Wi-Fi network for vulnerability to these attacks and a way to plug the attack surface once and for all.

5. 5G AND Wi-Fi

The next generation of cellular technology is out our doorstep, 5G, and it has a best friend: Wi-Fi.  You may not realize it, but today when you are nearby a public area like an airport or shopping mall, even though your smart phone’s icon says “4G LTE” or “5GE”, it’s actually connected to a Wi-Fi access point and your data is flowing over Wi-Fi.  The cell carriers lack enough frequency spectrum and network capacity to provide all of our smartphones with sufficient bandwidth so they utilize Passpoint (AKA Hotspot 2.0) to automatically move our smart phone traffic off their cell towers and onto Passpoint compliant Wi-Fi networks.  Cisco reports somewhere around 54% of 4G traffic is offloaded to Wi-Fi and predicts over 70% with 5G due to sharply rising bandwidth demands of mobile users.  For you infosec folks, check this article about a cautionary message of the 5G to Wi-Fi handoff attack surface.