Agency warns attackers targeting teleworkers to steal corporate data.
By: Becky Bracken
The U.S. National Security Agency is offering advice to security teams looking for wireless best practices to protect corporate networks and personal devices. The recommendations, while pedestrian in scope, do offer system administrators a solid cheat sheet to share with their work-from-home crowd and mobile workforces.
For starters the NSA, in a public service announcement posted on Thursday (PDF), urged security teams to be mindful of the wireless threats employees face when using Wi-Fi networks. It also lumps Bluetooth technology and Near Field Communications (NFC) into its list of worrisome protocols.
By now, café-based workers have likely mastered both public bathroom and Wi-Fi hotspot hygiene. But, for anyone who hasn’t the NSA advises: “Data sent over public Wi-Fi—especially open public Wi-Fi that does not require a password to access— is vulnerable to theft or manipulation.”
Advice also includes warnings of fake access points that can vacuum up user credentials and skim other personal data retrieved on the “evil twin” access points.
NSA Warns of Bluetooth
More interestingly, the agency cites Bluetooth as a convenient protocol for private use, but when used in public settings it can be a nasty security liability. The NSA advises turning off Bluetooth in public, lest a user be open to a range of attacks such as BlueBorne or BlueBugging – both used to access and exfiltrate corporate data on targeted devices.
Just last May, security researcher Fabian Braunlein with Positive Security identified Apple’s Send My Bluetooth exploit which allowed data to be exfiltrated from a device to an attacker-controlled Apple iCloud server.
The NSA also touched on Near Field Communications (NFC), a handy tool for contactless payments. It said data transfer between devices using NFC can be a cybersecurity minefield of pitfalls. With just a tap data, is moved across a radio network from one device to another.
Andy Norton a cyber-risk officer with Armis told Threatpost security teams are lagging behind when it comes to securing NFC communications.
“Radio connected devices represents a huge risk blind spot for organizations,” Norton said. “These are very much the soft underbelly of information security controls –– the majority of energy, focus, and money from a cyber resilience perspective is spent on preventing attacks coming through the internet connected attack surface. Very little is being done to access the risk from near field radio connections.”