New security guidelines have been released for better security in Wireless, Bluetooth, and NFC connections

Aug 2, 2021 13:11 GMT

As part of its efforts to secure corporate networks and personal devices, the National Security Agency advises corporate and consumer security professionals to follow wireless security best practices, according to Threatpost.

The NSA report wants to raise awareness of the wireless threats employees face when using wireless networks, Bluetooth connections, and the Near Field Communications (NFC) protocol. By far the highest risk is posed by public Wi-Fi that doesn't require a password, thus making it very vulnerable to attack.

The NSA commented on contactless payments using Near Field Communications (NFC). Since the data is transferred via a radio network connection with a press of a button, it can expose users and their financial data to a plethora of security threats. The warning comes at a point when security teams seem to lag on the topic, says Andy Norton, a cyber-risk officer at Armis.

He added that enterprises create a big blind spot in their operations through the use of radio-connected devices. As far as cyber resilience is concerned, the vast majority of resources are directed at preventing attacks from taking place. This is really where most attacks originate, though. There has been relatively little progress in terms of establishing radio connections in the near area.

The recommendations for securing NFC are the following:

  • Do not bring devices near other unknown devices, as this may trigger automatic communication between them. 
  • Never share credentials or other sensitive information over NFC. 
  • Disable the NFC function when not in use. 

Bluetooth Alerts 

While Bluetooth may be an easy option for personal use, it can become a massive security risk when used in public places. Let's not forget that cybersecurity researcher Fabian Bräunlein of Positive Security discovered a vulnerability called Send My in Apple devices 3 months ago that allowed data to be transferred from a device to a hacker-controlled Apple iCloud server.

The NSA recommends disabling Bluetooth when in public to protect against a variety of attacks such as BlueBugging or BlueBorne, attack vectors capable of accessing and stealing sensitive information on targeted devices.

Conclusion 

Unfortunately, the NSA's warnings are still ignored by many. Tim Erlin of Tripwire stressed that the recommendations are as valid today as they were 6 years ago. The dangers lie in the new, more widespread practice of remote work, where more people are using public wireless networks. He added that while these recommendations are very useful in the context of cybersecurity, it can be difficult for some users to follow them.