Google’s Android has made every wireless network insecure

As a new wireless network sniffing app for Android – reportedly with attack, man-in-the-middle and remote trojan facilities – is about to be released, wireless connections should no longer be considered the best option for network deployments.

The development of dark apps such as the Android Network Toolkit means that anyone armed with an Android smartphone or tablet computer can now become a wireless network hacker.

The fact that this app has been released by a security vendor is actually irrelevant. As Russia’s Elcomsoft has proven, it is possible to release software that allows hackers to dramatically speed up their rate of attack analysis on networks and corporate computer system, apparently under the guise of offering “security analysis software” to the industry.

The release of Android Network Toolkit, however, pushes things to an entirely new level, since it means that hacker script kiddies and newbies can play with IT resources that are accessible wirelessly. Words like ‘irresponsible’ and ‘short-sighted’ spring to mind here, but the bad news for corporate IT managers is that these discussions are now irrelevant, as the genie is now truly out of the bottle.

Against this backdrop, I advise companies to “think wired security” when it comes to network planning and deployments, as it is now clear that wireless connections have to be considered as an insecure networking medium.

The problem facing IT security managers is that the development of on-demand WiFi password cracking services such as WPAcracker.com and ‘password recovery’ applications from Russia’s Elcomsoft, mean that even novice hackers now have the capability to launch successful incursions into most wireless networks.

Yes, there is an argument that VPN authentication and encryption can secure a wireless connection, but the big question that IT managers must now ask themselves when deploying a network is whether wireless is truly the best solution for their organisation.

The VPN for my Android phone (Motorola Global 2 and others of a similar variety) does not work reliably. There is also no wired connection for my device as well as others. So consequently, VPN and wired options do not exist for many consumer/commercial devices. Oh happy day for hackers!

With wired networking connections being far more secure and offering far higher speeds than those achievable using WiFi technology, there is now a pressing argument to opt for wired connections only.

By all means, install a guest WiFi network in an office building to offer a wireless networking option to guests in the lobby or meeting rooms, but only hook the service up to the public Internet and not the corporate IT resource.

That way, if a guest wants to access their email or other resources, they can do so without increasing the risk to the company’s IT systems. With apps like Android Network Toolkit around for free, the barrier to would-be wireless hackers is now so low as to be non-existent.

All it takes is one wireless configuration error, and Android-equipped hackers can gain access to the corporate network – and then all hell can break loose. IT managers now need to think seriously about ditching their wireless networks and going over to the security benefits that only a hard-wired company network environment can offer.

SHARETweet about this on TwitterShare on LinkedInShare on FacebookShare on Google+Pin on PinterestDigg thisShare on RedditShare on TumblrShare on StumbleUponEmail this to someone

Philip Lieberman, the founder and president of Lieberman Software, has more than 30 years of experience in the software industry. In addition to his proficiency as a software engineer, Philip is an astute entrepreneur able to perceive shortcomings in existing products on the market, and fill those gaps with innovative solutions. He developed the first products for the privileged identity management space, and continues to introduce new solutions to resolve the security threat of privileged account credentials. Philip has published numerous books and articles on computer science, has taught at UCLA, and has authored many computer science courses for Learning Tree International. Philip has a B.A. from San Francisco State University.