Monday, November 9, 2015

Wi-Fi Master Key brings Windows Wi-Fi Sense to Android Devices. Welcome to the death of WPA2 Personal.



WPA2 Personal is dead. If you want "protection" while you access the net, you should just do it the old-fashioned way... (just kidding)

Copyright 2015 Imperial Network Solutions, LLC
 
I’ve blogged in the past on Wi-Fi Sense in Windows 10  http://www.emperorwifi.com/2015/06/wi-fi-sense-how-microsoft-has.html.  Now, you can get the same functionality on Google Android devices with a Chinese app called Wi-Fi Master Key:  http://www.enterprisetimes.co.uk/2015/10/29/who-needs-wifi-passwords/

Wi-Fi Master Key works ostensibly the same way as Wi-Fi Sense. With both systems, the SSID and passphrase are stored centrally and then the passphrase is shared directly with your device. The focus of these services is on security for the user, not security for the network. Both systems claim security because the user never sees the WPA2 passphrase. This is little comfort to network administrators, because these users get authenticated to the network whether they explicitly know the passphrase or not. The user is also “isolated” from the network. In Wi-Fi Sense, this is really only one-way: the connected network is considered “public” in Windows, and firewall rules are set up to not allow anyone else from the network to access the PC. However, the connected PC can still access anything and everything else on the network. Wi-Fi Master Key claims similar isolation functionality, which appears to use a similar firewall mechanism because the app can only control its own device, not the network.

In Wi-Fi Sense, the default settings are to share the network with all of your Facebook and Skype friends, though you have to explicitly agree via popup. With Wi-Fi Master Key, it appears that sharing also needs to be done explicitly, though it is probably fairly easy to do so. There is not even lip service given to controlling who the information is shared with – apparently once a network is available in Wi-Fi Master Key, it is available to anyone else running the app. Once the network is shared, it is shared and difficult to remove again.

Such apps are touted for the following types of networks:
  • Public Hotspots:  Such networks are usually open (i.e. no encryption key) or have a WPA2 Passphrase that is publicly available and thus not a secret (see my blog on this subject: http://www.emperorwifi.com/2015/05/how-operators-can-make-hotspots-and.html)
  • Private Homes:  Wi-Fi Sense is really touted for someone visiting the home of a friend or family member but too lazy to ask for the Wi-Fi passphrase.  These days, most consumer Wi-Fi routers come with a “guest network” feature so you can establish a secondary SSID for visitors that is isolated from your main network, though this assumes the consumer will be able to figure out and properly implement this feature, and not leave their device broadcasting “linksys” on Channel 6.

Large enterprises generally implement WPA2 Enterprise, which uses a back-end database implementing RADIUS to control what devices are on the network, and each user and/or device has its own unique set of credentials (either installed certificates or username/password information).  Large enterprises also tend to have mobile device management (MDM) systems to either control what devices are on the network, or at least control what applications are allowed with particular settings or banned.   As a result, large corporate and government networks are immune from these types of Wi-Fi password sharing applications.   

The challenge with WPA2 Enterprise, however, is that it takes a lot of IT resources to set up and maintain the database. While large corporations have the knowledge, resources, and funds to do this, most small/medium businesses (SMBs) do not. SMBs generally do not have the IT resources (knowledge or funds) to set up WPA2 Enterprise and MDM systems, so they rely upon WPA2 Personal (i.e. passphrase) for Wi-Fi security of their business. Most SMBs also have fairly liberal bring-your-own-device (BYOD) policies, and it only takes one user with one device sharing the Wi-Fi credentials to compromise the security of the network. To complicate matters further, most consumer and IoT network devices may not even support WPA2 Enterprise.

So what are SMBs to do?  There are limited options:
  • VLANs:  Segment your business network from your guest network, and only allow BYOD on your guest network (http://www.emperorwifi.com/2015/05/vlans-why-you-always-want-to-use-them.html).   This may require some network hardware as well as configuration upgrades, and may not even be practical for some businesses.  This also won’t completely protect you if you need some of those BYOD devices on your corporate network for your daily operations.
  • PPSK:  Implement a Wi-Fi solution with personal pre-shared key (PPSK).  Unfortunately, there are only a few enterprise AP vendors (i.e. Cisco, Aerohive, Ruckus) that offer this functionality, and while I’m sure they all want to sell in the SMB space, their pricing and complexity are generally prohibitive for the SMB market.  Devin Akin has a good blog on PPSK and its relevance to IoT (http://divdyn.net/iot-fly/).

The reality is that both VLANs and PPSK will ultimately be required.  AP vendors who focus on the SMB market generally support VLANs today and will ultimately offer integrated PPSK solutions.  Such solutions may be slow to appear, however, so I wouldn't be surprised to see one or more plucky startup firms try to fill this security void.  Watch this space.
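
An added example, not code from the original post or from any vendor named above: a minimal model of how a PPSK access point can tie each device's own passphrase to a VLAN and withdraw one leaked key without touching the others. The `PpskAccessPoint` class, device names, SSID and VLAN ids are hypothetical, and the MIC check is a simplified stand-in for the WPA2 4-way handshake.

```python
import hashlib
import hmac
import secrets

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal PMK: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def handshake_mic(pmk: bytes, anonce: bytes, snonce: bytes) -> bytes:
    # Simplified stand-in for the 4-way handshake: the real MIC is keyed by a
    # PTK derived from the PMK, both nonces and both MAC addresses.
    return hmac.new(pmk, anonce + snonce, hashlib.sha1).digest()

class PpskAccessPoint:
    """Hypothetical AP-side key table: one passphrase per device, each tied to a VLAN."""

    def __init__(self, ssid: str):
        self.ssid = ssid
        self._table = {}  # device name -> (PMK, VLAN id)

    def enroll(self, device: str, vlan: int) -> str:
        passphrase = secrets.token_urlsafe(16)  # unique per device, never reused
        self._table[device] = (derive_pmk(passphrase, self.ssid), vlan)
        return passphrase

    def revoke(self, device: str) -> None:
        self._table.pop(device, None)

    def authenticate(self, anonce: bytes, snonce: bytes, mic: bytes):
        # The AP never sees the passphrase; it tries each enrolled PMK until one
        # reproduces the client's MIC, which also identifies the device and VLAN.
        for device, (pmk, vlan) in self._table.items():
            if hmac.compare_digest(handshake_mic(pmk, anonce, snonce), mic):
                return device, vlan
        return None

def client_join(ap: PpskAccessPoint, passphrase: str):
    """Client side: prove knowledge of the passphrase without sending it."""
    anonce, snonce = secrets.token_bytes(32), secrets.token_bytes(32)
    mic = handshake_mic(derive_pmk(passphrase, ap.ssid), anonce, snonce)
    return ap.authenticate(anonce, snonce, mic)

def demo():
    ap = PpskAccessPoint("ExampleSMB")            # constructed SSID
    office_key = ap.enroll("office-laptop", vlan=10)
    byod_key = ap.enroll("byod-phone", vlan=20)   # this key ends up in a sharing app
    before = client_join(ap, byod_key)            # anyone holding the shared key
    ap.revoke("byod-phone")                       # only the leaked key is withdrawn
    return before, client_join(ap, byod_key), client_join(ap, office_key)
```

With a single WPA2 Personal passphrase the table would hold one entry for everyone, so the shared key would reach the business VLAN and revoking it would mean re-keying every device.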

Given the trends of more Wi-Fi Passphrase sharing applications, we need to accept that passphrase sharing is part of the new world order, and that WPA2 Personal is no longer sufficient for the needs of SMBs or even for consumers who want to keep their network resources private.
