Given the state of wi-fi (in)security these days, funny that we don’t have a recommendation anywhere in the wiki to avoid it at all costs.
Seeing the online description of the poor state of it (all → WEP, WPA, WPA2) and the list of Kali Linux hacking tools alone should make anybody default to ethernet and rip out/disable any hardware supporting wifi, including unscrewing antennas for dual ethernet/wifi routers.
I think I’ll add it to the list (to avoid) unless there are any objections. And, if you’re not sure, let me list some wifi cracking tools here:
That is pretty much the script kiddie dream app, as it allows MITM over any Android based smartphone with just the press of a button. You can replace images, reroute traffic, inject malicious code and read any unencrypted traffic in a network. Works surprisingly well, as I may attest to from personal experience when using it for rather basic pen-testing.
They even have Microtransactions, as in, certain exploits can be bought with real money and they even offer a cloud based background system to allow more complex vulnerability scans.
Adding to all of that, tools like Ghost Phisher and others in your list do their work on Ethernet as well. Intercepting communication is possible regardless of whether you use WLAN or LAN. Only encrypting the communication on an end-to-end basis will protect your network traffic.
Surely the point of Tor is that it’s built from the ground-up to work in the most hostile network environments, with the assumption that someone might be sitting between you and your first-hop into the Tor network?
While I think that with all those tools being available, it might be good general advice to avoid Wi-Fi, is that really Whonix-specific?
In theory, Tor/Whonix should already act to protect against most of the worries that come with Wi-Fi traffic interception, such as unencrypted DNS requests, HTTP-only sites, or destination leakage via TLS Server Name Indication.
Sure. 3G was just a conceptual term. Could have been 2G earlier. 4G is no different.
A huge number of tools says very little. I’d say, you haven’t made your case yet.
Am I no longer up to date or is it no longer impossible to break WPA / WPA2 with a properly secure password?
As for open WiFi hotspots, these should in theory be no less secure than using a clearnet connection to some server? Both connections are vulnerable to MITM.
What is the attack you have in mind here that no longer using WiFi would circumvent?
You could say using any of your devices (like an Android phone) in an open WiFi increases the chances of being MITMed a lot. Novice users then have a higher chance of falling for certificate errors and such, and thereby get compromised. Also, one could statistically be subject to more attacks by open WiFi attackers than ISP level attackers. Once some device, even if just the Android phone, is compromised and in your LAN, you could say that wouldn’t do the Tor connection from your desktop computer any good either. (The Android phone can then more easily be made to generate traffic which influences Tor connection speeds, which then may be more easily correlated at remotes.) That might be a case against open WiFis.
But what’s your case against private WPA WiFis that have secure passwords?
Only thinking based on general principles, noting for Whonix users that may not be aware:
WEP is completely busted
However, WEP has been shown to be a relatively weak security protocol, having numerous flaws. Hence, it can be ‘cracked’ in a few minutes using a basic laptop computer.
…
For example, WEP fails to protect the information against forgery and replay attacks, hence an attacker may be capable of intentionally either modifying or replaying the data packets without the legitimate users becoming aware that data falsification and/or replay has taken place. Furthermore, the secret keys used in WEP may be ‘cracked’ in a few minutes using a basic laptop computer [97]. Additionally, it is easy for an attacker to forge an authentication message in WEP, which makes it straightforward for unauthorized users to pretend to be legitimate users and hence to steal confidential information [98].
History of recent attacks on various WPA/WPA2 protocols
There is a history over the last few years of finding weaknesses in WPA/WPA2 protocols, e.g. successful attacks on standards using PSK encryption keys, TKIP, MSChapV2 etc.:
You’re right insofar as, if you use a suitably long passphrase and use updated/recommended protocols, probably all of those major hacking tools will fail, since they are mostly attempting to brute-force passwords via rainbow tables, dictionary words etc.
I can’t find information to indicate otherwise on the security guru forums.
But, it is worth noting how many failures keep popping up in the wireless protocols, and the fact that it is a broadcast protocol makes it susceptible to jamming attacks, potential eavesdropping etc. The ethernet protocol on the other hand does not face anywhere near the same scale of risks, being a hardwired connection.
If there has to be any advice about WiFi at all, it would be to use WPA2-AES with a strong password, with 63 random characters if possible. You can’t just brute-force that. Combine this with MAC address whitelisting and client isolation.
If your threat model involves three-letter agencies, they prefer to backdoor routers instead, in that case use open source firmware and choose your brand carefully.
3G/4G modems are generally more secure than wi-fi due to use of cellular networks:
3G/4G Mobile Broadband
Mobile broadband delivered over a mobile phone network (such as Sprint or Verizon) and delivered via USB sticks like the one above is inherently one of the most secure and safe ways to access the Internet. Why? Because when you are using a mobile broadband connection over a phone network, you automatically employ the mobile provider’s built-in encryption when sending and receiving data. This makes it virtually impossible for would-be hackers or thieves to ‘sniff’ your connection and try to connect to it, like they could with a traditional Wi-Fi connection. It’s like having a highly secure WEP or WPA key built into your connection.
3G/4G mobile broadband also gives you a Private IP address, which essentially means your connection sits behind the broadband provider’s firewall, giving you an additional layer of security.
Security experts around the world generally agree that 3G/4G mobile broadband is by far the most secure option when looking at mobile broadband. At a recent Gartner Security Summit in Sydney, Australia, senior security analyst Robin Simpson revealed that unlike Wi-Fi security, which is relatively easy to hack, a 3G/4G connection is considerably more challenging: “It’s a completely different proposition to hack into a cellular session than a Wi-Fi session. We think that dongles and built-in 3G are a tremendous security option.”
Caveats:
Firewall;
Strong password; and
Making sure you don’t lose the USB dongle device.
On the downside (quick scan, not proper research):
Cell modems that are allowed for use are 0day goldmines that are connected to insecure networks. If you care about your system’s security you should never directly attach one to your trusted device.
Also you cannot secure a Wifi LAN without considerable effort. The endpoint device is no more or less secure when using wifi or not.
Sidenote for those who have trivial threat models of wanting to keep unauthorized physical access to their local wifi hotspot: Disable WPS because it can allow unauthorized access even if using WPA2: Wi-Fi Protected Setup - Wikipedia
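As an added example, not code from this thread or from the Whonix project: a small Python audit that checks a hostapd.conf fragment for the settings discussed above (WEP or WPA1 instead of WPA2-only, TKIP instead of CCMP/AES, a passphrase shorter than the 63 characters recommended earlier in the thread, client isolation and the MAC whitelist not set, and WPS left enabled as in the sidenote just above), plus a generator for a 63-character random passphrase. The two config fragments are constructed samples; the option names (wpa, wpa_key_mgmt, wpa_pairwise, rsn_pairwise, wpa_passphrase, wps_state, ap_isolate, macaddr_acl, accept_mac_file) are real hostapd keys, while the finding codes are this example's own.

```python
import secrets

# Printable ASCII as hostapd accepts for wpa_passphrase, minus '#' and whitespace,
# which could be mistaken for a comment or trimmed by a config parser.
PASSPHRASE_ALPHABET = (
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
    "!@$%^&*()-_=+[]{}:;,.?/"
)


def random_passphrase(length=63):
    """Generate a random WPA2 passphrase; 63 is the maximum WPA/hostapd allows."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrases must be 8..63 characters")
    return "".join(secrets.choice(PASSPHRASE_ALPHABET) for _ in range(length))


def parse_hostapd_conf(text):
    """Minimal key=value parser for hostapd.conf (blank lines and # comments skipped)."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings


def audit_hostapd_conf(text):
    """Return a list of finding codes for the settings the thread advises against."""
    s = parse_hostapd_conf(text)
    findings = []
    if s.get("wpa") != "2":
        # wpa=0 (open/WEP), 1 (WPA1 only) or 3 (WPA1+WPA2 mixed) instead of WPA2-only
        findings.append("wpa_version")
    if any(k.startswith("wep_key") for k in s):
        findings.append("wep_key")  # WEP keys configured at all
    ciphers = s.get("wpa_pairwise", "") + " " + s.get("rsn_pairwise", "")
    if "TKIP" in ciphers.upper():
        findings.append("tkip")  # TKIP allowed; CCMP (AES) only is the thread's advice
    if len(s.get("wpa_passphrase", "")) < 63:
        findings.append("short_passphrase")  # below the 63-character maximum recommended above
    if s.get("wps_state", "0") != "0":
        findings.append("wps_enabled")  # WPS can grant access regardless of passphrase strength
    if s.get("ap_isolate", "0") != "1":
        findings.append("no_client_isolation")
    if s.get("macaddr_acl", "0") != "1":
        # MAC whitelist not enforced (a weak control by itself, but the thread recommends it)
        findings.append("no_mac_acl")
    return findings


# Constructed sample: the weak settings the thread warns about, all in one fragment.
WEAK_CONF = """\
interface=wlan0
ssid=home
wpa=1
wpa_passphrase=password1
wpa_pairwise=TKIP
wps_state=2
"""

# Constructed sample: the hardened counterpart following the advice in the thread.
HARDENED_CONF = f"""\
interface=wlan0
ssid=home
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase={random_passphrase()}
wps_state=0
ap_isolate=1
macaddr_acl=1
accept_mac_file=/etc/hostapd/hostapd.accept
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, "->", audit_hostapd_conf(conf) or "no findings")
```

The audit only reads the text of the configuration; run against a real hostapd.conf it reports which of the thread's recommendations are missing, and an empty list means every one of them is in place.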
Yes. Shows you shouldn’t trust anybody in the media who calls themselves a ‘security expert’
The only reason I’m diving into this issue I don’t know much about is because the Security Guide is making 3G/4G modems look like some kind of godsend.
But we know from Snowden disclosures that:
a) Spooks have various programs subverting cellular networks and stealing keys (for some time);
b) Downgrade attacks e.g. 4G->3G etc are rampant;
c) Spooks have success (apparently) in attacking all the ciphers used for encryption in cellular networks; and
d) Manufacturers produce firmware that is a zero-day goldmine.
So based on a->d, I thought (but am not sure, since I know jack about networking) that this looks like a really bad suggestion to have in the wiki, since it was written in the good ole days when we didn’t know any of this.
PS (unrelated): does that adversary typing biometrics work only with JavaScript turned on? Or is the thinking that Kloak is needed at all times because biometrics are still available without JavaScript? It didn’t talk about it on the GitHub site.
Anonymous 3G/4G Modems -> Anonymous Mobile Modems?
The basic idea behind anonymous mobile modem / WiFi adapter when that was written was quite simple: For activities that require best possible anonymity, don’t do it from a local / usually used internet connection. Buy an anonymous networking device and do it from a place far from oneself. The idea is, even if Tor is totally broken or can be broken after some time, the IP used would not lead back to the postal address of the sender.
Right. Sorry, it wasn’t actually clear to me before.
Fixed in security guide wiki. Plus about 12 other things. I’ll beat the security guide into submission yet, then eventually work on that advanced security guide for readability.
Great stuff! Glad we sorted that out! Not that great if such advice is added, but not clearly outspoken and hence very few interested people having a chance to get that idea. I am glad for any scrutiny and the resulting enhancements!
Right. Add to that the NSA has a seat at cell comms protocol standardization so its security is completely and utterly fucked.
SSH in interactive mode and remote desktop session are other non-JS leaks of keystroke cadence. Kloak should protect against all these and malicious code running in a VM.
I think this is very useful advice and still holds in very specific contexts, for countries where one can buy SIM cards anonymously. A burner phone with an anonymous sim as a tethered device for comms.
It’s been a long while; I am thinking about this.
Do you think that using this method, buying a burner phone (hotspot WiFi share compatible) with an anonymous SIM card, is good enough?
What about using an anonbox router or a DD-WRT compatible router?
Yes it should be if you want to hide the owner of the internet connection. (if no attempt to triangulate and send operatives to check on and identify you in meatspace is specifically done).
Those are options for a different situation. Embedded devices with a shipped Tor daemon are a bad idea because the guys behind them never update the firmware, so you’re running an unsecured stack; you also don’t have guaranteed traffic isolation, where an infected device can just use other internet hotspots or call home and note the wifi IDs in your area and blow your cover. Also, just pumping traffic through Tor isn’t enough; Whonix does a lot more to configure and use safe defaults that don’t leak identifying info at the protocol level.