Would you know if someone (even an employee) spun up a common open network (for example “Starbucks” or “Xfinity”) access point in the middle of your building?
So what? What’s the risk?
If a common open network such as “Starbucks” or “Xfinity” is being hosted by an attacker, it can be used to trick client devices to connect, taking advantage of the “auto-connect” feature used in many devices, and potentially resulting in anyone gaining access to your network. Once on the network the attacker would be able to capture data sent to and from the client device, or maybe even the network as a whole.
How do I prevent it?
Sonar is a subscription service that identifies wireless network threats and vulnerabilities. Sonar has many alerts, one of which specifically detects if someone is spinning up an open network.
If Sonar detects a new common open network, such as “Starbucks” or “Xfinity”, that was not previously seen you’ll be alerted. These illegitimate networks are often used as a tactic to trick devices to connect to their network, where the attacker may be able to view or manipulate traffic. Often, the client may not be aware that they are connected to this network and may attempt to perform actions that should not be performed outside of the company network.
These attacks exploit devices that have these common open networks in their preferred network list, meaning that they will automatically connect when in range of the network. Attackers will often also de-authenticate client devices from the legitimate company network, attempting to trick the devices to connect to their network instead of reconnecting to the company network.