Should we recommend to avoid WiFi?

Given the state of wi-fi (in)security these days, funny that we don’t have a recommendation anywhere in the wiki to avoid it at all costs.

Seeing the online description of the poor state of it (all → WEP, WPA, WPA2) and the list of Kali Linux hacking tools alone should make anybody default to ethernet and rip out/disable any hardware supporting wifi, including unscrewing antennas for dual ethernet/wifi routers.

I think I’ll add it to the list (to avoid) unless there are any objections. And, if you’re not sure, let me list some wifi cracking tools here:

Aircrack-ng
Asleap
Bluelog
BlueMaho
Bluepot
BlueRanger
Bluesnarfer
Bully
coWPAtty
crackle
eapmd5pass
Fern Wifi Cracker
Ghost Phisher
GISKismet
Gqrx
gr-scan
hostapd-wpe
kalibrate-rtl
KillerBee
Kismet
mdk3
mfcuk
mfoc
mfterm
Multimon-NG
PixieWPS
Reaver
redfang
RTLSDR Scanner
Spooftooph
Wifi Honey
Wifitap
Wifite 

Also, what’s the state of those recs around 3G anonymous modems? Are we still supporting that view. I suppose it could be updated to 4G now…

Good day,

Could I just add zANTI: Penetration Testing for Mobile Applications Pentesting Toolkit | zANTI

That is pretty much the script kiddie dream App, as it allows MITM over any Android based Smartphone with just the press of a button. You can replace images, reroute traffic, inject malicious code and read any unencrypted traffic in a network. Works suprisingly well, as I may attest to from personal experience when using it for rather basic pen-testing.

They even have Microtransactions, as in, certain exploits can be bought with real money and they even offer a cloud based background system to allow more complex vulnerability scans.

Adding to all of that, tools like Ghost Phisher and others in your list up their work on Ethernet as well. Intercepting communication is possible regardless of whether you use WLAN or LAN. Only encrypting the communication on a end-to-end basis will protect your network traffic.

Have a nice day,

Ego

Surely the point of Tor is that it’s built from the ground-up to work in the most hostile network environments, with the assumption that someone might be sitting between you and your first-hop into the Tor network?

While I think that with all those tools being available, it might be good general advice to avoid Wi-Fi, but is that really Whonix-specific?

In theory, Tor/Whonix should already act to protect against most of the worries that come with Wi-Fi traffic interception, such as unencrypted DNS requests, HTTP-only sites, or destination leakage via TLS Server Name Indication.

Sure. 3G was just a conceptual term. Could have been 2G earlier. 4G is no difference.

A huge number of tools says very little. I’d say, you haven’t made your case yet.

Am I no longer up to date or is it no longer impossible to break WPA / WPA2 with a properly secure password?

As for open WiFi hotspots, these should in theory be no less secure than using a clearnet connection to some server? Both connections are vulnerable to MITM.

What is the attack you have in mind here that no longer using WiFi would circumvent?

You could say using any of your devices (like android phone) in an open WiFi increases the chances of being MITMed a lot. Novice users then have a higher chance of falling for certificate errors and such, thereby get compromised. Also one could statistically be up to more attacks by open Wifi attackers than ISP level attackers. Once some device, even if just the android phone, is compromised and in your LAN, you could say that wouldn’t do the Tor connection from your desktop computer any good either. (The android phone can be more easily made to generate traffic then which influences Tor connection speeds which then may be more easily correlated at remotes.) That might be a case against open WiFis.

But what’s your case against private WPA WiiFis that have secure passwords?

Yes, I was getting a little bit excited there.

Only thinking based on general principles, noting for Whonix users that may not be aware:

https://pdfs.semanticscholar.org/5c24/512873fc680747b17f398da0384133d841ee.pdf

WEP is completely busted

However, WEP has been shown to be a relatively weak security protocol, having numerous flaws. Hence, it can be ‘cracked’ in a few minutes using a basic laptop computer.
…
For example, WEP fails to protect the information against forgery and replay attacks, hence an attacker may be capable of intentionally either modifying or replaying the data packets without the legitimate users becoming aware that data falsification and/or replay has taken place. Furthermore, the secret keys used in WEP may be ‘cracked’ in a few minutes using a basic laptop computer [97]. Additionally, it is easy for an attacker to forge an authentication message in WEP, which makes it straightforward for unauthorized users to pretend to be legitimate users and hence to steal confidential information [98].

History of recent attacks on various WPA/WPA2 protocols

There is a history over the last few years of finding weakenesses in WPA/WPA2 protocols e.g. successful attacks on standards using PSK encryption keys, TKIP, MSChapV2 etc:

WPA Wi-Fi Encryption Cracked In Sixty Seconds

WPA2 wireless security cracked

WPA2 Exposed with 'Hole 196' Vulnerability - Infosecurity Magazine

http://www.computerworld.com/article/2505117/cyberwarfare/tools-released-at-defcon-can-crack-widely-used-pptp-encryption-in-under-a-day.html

etc etc (there is pages and pages of similar)

You’re right insofar as you use a suitably long passphrase and use updated/recommended protocols, that probably all of those major hacking tools will fail, since they are mostly attempting to bruteforce passwords via rainbow tables, dictionary words etc.

I can’t find information to indicate otherwise on the security guru forums.

But, it is worth noting how many failures keep popping up in the wireless protocols, and the fact that it is a broadcast protocol makes it suceptible to jamming attacks, potential eavesdropping etc. The ethernet protocol on the other hand does not face anywhere near the same scale of risks being a hardwired connection.

If there has to be an advice about WiFi at all, it would be to use WPA2-AES with a strong password, with 63 random characters if possible. You can’t just brute-force that. Combine this with MAC address whitelisting and client isolation.

If your threat model involves three-letter agencies, they prefer to backdoor routers instead, in that case use open source firmware and choose your brand carefully.

Related:

3G/4G modems generally more secure than wi-fi due to use of cellular networks:

3G/4G Mobile Broadband

Mobile broadband delivered over a mobile phone network (such as Sprint or Verizon) and delivered via USB sticks like the one above is inherently one of the most secure and safe ways to access the Internet. Why? Because when you are using a mobile broadband connection over a phone network, you automatically employ the mobile provider’s built-in encryption when sending and receiving data. This makes it virtually impossible for would-be hackers or thieves to ‘sniff’ your connection and try to connect to it, like they could with a traditional Wi-Fi connection. It’s like having a highly secure WEP or WPA key built into your connection.

3G/4G mobile broadband also gives you a Private IP address, which essentially means your connection sits behind the broadband provider’s firewall, giving you an additional layer of security.

Security experts around the world generally agree that 3G/4G mobile broadband is by far the most secure option when looking at mobile broadband. At a recent Gartner Security Summit in Sydney, Australia, senior security analyst Robin Simpson revealed that unlike Wi-Fi security, which is relatively easy to hack, a 3G/4G connection is considerably more challenging: “It’s a completely different proposition to hack into a cellular session than a Wi-Fi session. We think that dongles and built-in 3G are a tremendous security option.”

Caveats:

• Firewall;
• Strong password; and
• Making sure you don’t lose the USB dongle device.

On the downside (quick scan, not proper research):

• Many are manufactured by handful of countries that run insecure software in the recent past e.g. http://www.macworld.com.au/news/3g-and-4g-usb-modems-are-a-security-threat-researcher-says-89533/
• CSRF vulnerabilities that can be used to steal login credentials and commit fraud Blog | Tripwire
• Many devices show critical zero days (as late as 2015) e.g. remote code execution flaws, vulnerabilities to exploit firmware, cross-site scripting vulnerabilities etc 3G/4G cellular USB modems are full of critical security flaws, many 0-days - Help Net Security

Coming back to wi-fi, perhaps we note somewhere a non-Whonix-specific recommendation for users to (thanks anonymous1):

• Only use WPA2-AES standard with a strong Diceware passphrase, up to 63 characters in length if possible to prevent bruteforcing;
• Use client isolation;
• Use MAC address whitelisting;
• Turn off broadcasting of the SSID (network identifier) to minimise detection threats to your network;
• Use the inbuilt firewall and check it is activated; and
• Flash the router with DD-WRT to provide more secure opensource firmware and greater functionality.

Anything else i.e. dangerous protocols that should be turned off (I don’t use wi-fi)?

Last time I checked, MAC whitelisting and SSID hiding didn’t add any security.

OK.

3G/4G modem wiki changes awaiting sign-off. They don’t like very desirable to me…

Cell modems that are allowed for use are 0day goldmines that are connected to insecure networks. If you care about your systems security you should never directly attach one to your trusted device.

Also you cannot secure a Wifi LAN without considerable effort. The endpoint device is no more or less secure when using wifi or not.

Sidenote for those who have trivial threat models of wanting to keep unauthorized physical access to their local wifi hotspot: Disable WPS because it can allow unauthorized access even if using WPA2: Wi-Fi Protected Setup - Wikipedia

Yes. Shows you shouldn’t trust anybody in the media who calls themselves a ‘security expert’

The only reason I’m diving into this issue I don’t know much about, is because the Security Guide is making 3G/4G modems look like some kind of godsend.

But we know from Snowden disclosures that:

a) Spooks have various programs subverting cellular networks and stealing keys (for some time);
b) Downgrade attacks e.g. 4G->3G etc are rampant;
c) Spooks have success (apparently) in attacking all the ciphers used for encryption in cellular networks; and
d) Manufacturers produce firmware that are zero-day goldmines.

So based on a->d, I thought (but am not sure, since I know jack about networking) that this looks like a really bad suggestion to have in the wiki, since it was written in the good ole days when we didn’t know any of this.

PS (unrelated) does that adversary typing biometrics work only with Javascript turned on? Or is the thinking that Kloak is needed at all times because biometrics are still available without Javascript? It didn’t talk about it on the github site.

Anonymous 3G/4G Modems -> Anonymous Mobile Modems?

The basic idea behind anonymous mobile modem / WiFi adapter when that was written was quite simple: For activities that require best possible anonymity, don’t do it from a local / usually used internet connection. Buy an anonymous networking device and do it from a place far from oneself. The idea is, even if Tor is totally broken or can be broken after some time, the IP used would not lead back to the postal address of the sender.

Right. Sorry, it wasn’t actually clear to me before.

Fixed in security guide wiki. Plus about 12 other things. I’ll beat the security guide into submission yet, then eventually work on that advanced security guide for readability.

Great stuff! Glad we sorted that out! Not that great if such advice is added, but not clearly outspoken and hence very few interested people having a chance to get that idea. I am glad for any scrutiny and the resulting enhancements!

Right. Add to that the NSA has a seat at cell comms protocol standardization so its security is completely and utterly fucked.

SSH in interactive mode and remote desktop session are other non-JS leaks of keystroke cadence. Kloak should protect against all these and malicious code running in a VM.

I think this is very useful advice and still holds in very specific contexts, for countries where one can buy SIM cards anonymously. A burner phone with an anonymous sim as a tethered device for comms.

it’s a long while, i am thinking about this
do you think that using this method that buy a burner phone (hotspot wifi share compatible) with an anonymous sim card good enough?
what about using anonbox router or DD-WRT compatible router?

• Anonymous Mobile Modems
• Safe Purchase of a Mobile Modem and SIM Card

Yes it should be if you want to hide the owner of the internet connection. (if no attempt to triangulate and send operatives to check on and identify you in meatspace is specifically done).

Those are options for a different situation. Embedded devices with a shipped Tor daemon are a bad idea because the guys behind them never update the firmware so you’re running an unsecured stack, you also don’t have guaranteed traffic isolation where an infected device can just use other internet hotspots or call home and note the wifi IDs in your area and blow your cover. Also just pumping traffic through Tor isn’t enough, Whonix does a lot more to configure and use use safe defaults that don’t leak identifying info at the protocol level

How about inserting 4g modem into mini routers like travel mini routers, and then connect through router WiFi
Any advantages or its the same risk