sb-eu logo
Story image

US students hack school WiFi network

09 Apr 2019

Two high school students in the United States were arrested for allegedly hacking their school’s WiFi network to avoid taking a test, proving that education institutions still have work to do when it comes to securing their networks.

According to a report from CBS, two 14-year-olds apparently hired a private company to hack and disable the school’s WiFi over several days in March this year. As a result, teachers were unable to conduct tests or lessons that depended on internet access.

The students are now facing charges including ‘conspiracy to commit computer criminal activity’, and ‘computer criminal activity’.

“Our Wi-Fi connection was compromised over the past week. We have determined that two students may have been involved in the disruption of our system,” Secaucus School superintendent Jennifer Montesano said in a statement.

According to security certificate issuer DigiCert, there are a number of ways to strengthen WiFi networks:

1.    Use sophisticated passwords

Like all passwords, the WPA2 password used to secure wireless networks should be long and sophisticated enough to foil hackers attempting to “aircrack” passwords. Personal names, simple dictionary words, or easily guessed numbers should be avoided.

2.    Change the default WiFi admin username and password

The easy first step to improved security is to change the default username and password. Since most routers don’t require a physical connection to log into the admin interface, eliminating this vulnerability removes the lowest hanging fruit available to hackers.

3.    Use the latest WiFi encryption

If hardware can only support WEP or WPA encryption, look at replacing it. The Wi-Fi Alliance strongly recommends the uniform adoption of WPA2. Cutting-edge encryption has been proven to be secure against even the most committed attackers if it is properly implemented. Enterprise environment managers should use the additional protection afforded by dedicated digital certificates.

4.    Encrypt WiFi router admin pages

Secure administrative login pages with a digital certificate for WiFi. The self-signed certificates that come pre-installed on some routers are publicly untrusted, easy to duplicate, and vulnerable to Man-In-The-Middle (MITM) attacks. SSL Certificates from trusted Certificate Authorities will ensure that all of communication via WiFi remains secure and private. If the router doesn’t cover digital certificates in the quick start guide, look for instructions on the manufacturer’s support website.

5.    Update the WiFi router firmware frequently

Research shows that up to 80% of routers ship with severe security vulnerabilities. Part of the reason for this is the obsolete firmware that is included and automatic updates that are turned off by default. Like other aspects of a network, timely updates are an essential part of any security plan. Ignoring the firmware updates will ensure that network security will fall further and further behind as new exploits are devised by hackers.

6.    Consider locking down MAC addresses

While this may not be practical in larger networks, admins on smaller networks can lock down MAC addresses to have a high level of control. Wireless routers and Access Points rely on access control methods like MAC (Media Access Control) address filtering to prohibit network requests from potential attackers. 
Every WiFi-enabled device is assigned a unique MAC or physical address and maintains a list of devices that can connect to them. Admins can manually input addresses to designate exactly who can connect to a network, although be aware that there are tools that allow attackers to fake MAC addresses.

7.    Train users not to auto-connect

Employees might be tempted to set their devices up to auto-connect to any WiFi signal it encounters. This is especially dangerous in situations where it would otherwise obvious to users that it would be unwise to check their email, due to the possibility of a nearby hacker sniffing the network, but their device connects without asking for permission. Another danger comes in the form of hotspots created specifically by hackers with the sole goal of hacking into connected devices.

8.    Use always-on SSL

The same reasons recommendations to use HTTPS everywhere throughout on a  website apply equally to WiFi. Accessing an account on an encrypted page and then continuing to interact with the site via unencrypted pages leaves the user vulnerable to session sidejacking.

Story image
Businesses left to make decisions based on old, inaccurate data, study finds
"It is more critical than ever that organisations have access to actionable, contextualised, near real-time threat data to power the network and application security tools they use to detect and block malicious actors."More
Story image
Cybersecurity market continues meteoric ascent
With the increase in cyberattacks, organisations are continuing to spend more money on security. However, without a focused cybersecurity strategy, they often spend it in the wrong areas.More
Link image
How to head off a rise in DDoS attacks
Many businesses invest in costly DDoS mitigation and protection solutions, but few test them. NCC Group tests all environments and is one of only two AWS DDoS Test Partners. Claim 10% off your next DDoS service today.More
Story image
Backups as a last line of defence are under threat
Malware can incrementally overwrite and encrypt backups, rendering them inadequate as an insurance policy against ransomware.More
Story image
Palo Alto Networks extends cloud native security platform with new modules
Palo Alto Networks has announced the availability of Prisma Cloud 2.0, including four new cloud security modules, thus extending its Cloud Native Security Platform (CNSP). More
Story image
Video: 10 Minute IT Jams - SonicWall VP discusses the importance of endpoint security
In this video, Dmitriy discusses the exposure points and new risks that come as a result of widespread flexible working arrangements, how organisations should secure their massively distributed networks, and how SonicWall's Boundless Cybersecurity model can solve these issues.More