Why do coffee shops not use WPA/WPA2? Would it solve many problems if they did?

Question

So I'm looking into public WiFi security in places such as hotels, coffee shops etc. It seems the current standard is just to use open wi fi connections in many of these locations. I would assume this is for a number of reasons:

• Simple for the company - the provider does not need to train their workers in basic network security, don't need to manage keys or anything really, just plug the router in and go. Also costs the company less because of this.
• Convenient for the user - the user doesn't have to concern themselves with trivial things like security, they just want to get straight to their online banking and shopping in a public place!
• Ignorance - the person adding the free WiFi simply has no idea of the security risks involved, or they are dumping the responsibility of security onto the user, it's their data/money/identity after all

So, first question. In your experience, is it true that most coffee shops, hotels, airports typically use an open connection, or are protected networks more commonplace now?

If it is the case that most are unprotected, are there any other reasons as to why this is the case, beyond the ones above that I've listed?

Second question, assume a coffee shop with an open network, all traffic is extremely easy to sniff. Now picture the establishment upgrades it to WPA2/AES secured network. Is the network really that more secure?

Sure attackers can no longer easily sniff the network from down the street, but how hard is it for them to go in, buy a coffee and get the current key. Even assuming the keys are changed daily, repeats are never used, and they are complex enough to take months to crack, any attacker could just buy a coffee and connect to the network right? Or even get the key through social engineering, or just get a friend to get a coffee and the key.

I understand that WEP, WPA2 etc. all do encryption at a network (as opposed to user) level of granularity. I.e. if someone has the key, they can now decrypt all traffic on the network, so we're back to the problem that an attacker can read all traffic as if it was an open network, and it's already proven to be trivial to get the key. So, with this in mind, is an unlocked encrypted network equivalent to an open network? What sort of attacks could a hacker do on a WPA2 secured network? Could you do a man in the middle attack as easily as on an open network? Is it possible to create a rogue AP with the SSID and key, advertised with the same encryption standard, as possible with the open network?

Thanks for reading this lengthy post, and thanks in advance for answers to any of my three questions!

Answer 1

Instead of continuing in the comments, I think I will just answer your real question, which I understand to be - why is using WPA/WPA2 Personal with a public SSID and Passphrase not more secure than having an open network, and why doesn't WPA/WPA2 Enterprise work in the coffee shop scenario.

If the passphrase was public (as it would be in this scenario) and WPA/WPA2 personal is in use, anybody who has the passphrase and SSID name can decrypt anybody else's wireless traffic, as long as they can capture the initial 4-way handshake for that client (which occurs when connecting to the network). If someone wants to decrypt someone's future traffic but did not monitor their client's initial 4-way handshake, they can simply force a new handshake between that client and the AP using a targeted deauthentication, at which point you would be able to capture the new 4-way handshake and decrypt all of their future traffic. Of course, if the client under attack were to use a VPN, SSH tunnel, TLS, or some other strong encryption mechanism over the wireless, that traffic would be protected to the extent that the mechanism that they chose allows.

The reason why their traffic can be decrypted is that WPA/WPA2 personal creates a pairwise master key from the passphrase and SSID used when logging in. The PMK is then used to create a Pairwise Transient Key and Groupwise Temporal key, where the PTK is unique per client and the GTK is shared for all currently connected clients (for broadcast traffic). This PTK can be derived from the PMK using information from the 4-way handshake (which is negotiated in plain text). Therefore, if you are able to sniff the 4-way handshake, you can get the information used to derive that client's PTK from the PMK that you already know because you know the passphrase and SSID (usually by doing PBKDF2(Passphrase, SSID, ssidlen, 4096, 256)).

WPA enterprise doesn't work well because everyone would need a way to authenticate, whether credentials (EAP-PEAP), certificate (EAP-TLS), or other (various other EAP modes), and this wouldn't support the coffee shop's goal of providing free wireless access to nearby individuals.

Answer 2

You're missing the bigger question: why?

1. Encryption adds greatly to the coffee shop's cost. There are small one-time costs incurred when someone has to configure the access points, assign passwords, manage them, change them, post signs saying "this week's password is C0ffeebuck$" etc. There is an ongoing high payroll cost, too. Baristas are paid to make coffee, and are not paid to be network technical support, and yet they would be forced to spend their time answering tech support questions from frustrated customers instead of selling more coffee.

2. It protects nothing that is of value to the coffee shop. This isn't the coffee shop's private network that allows access to their computers, registers, and corporate network. This is a separate network, isolated from their internal network. If they allow customers to connect to it, they cannot trust the traffic, regardless of whether it's been encrypted. If the shop considers "network access" to be of promotional value, it's already protected somewhat by the physical limitations of WiFi signal propagation, and the signal won't be usable to anyone more than about a hundred meters away. And once a customer has purchased their coffee and gained access, there is no mechanism inherent to WPA2 that takes that access away after they've finished their beverage. Could a shop afford to change passwords on an hourly or daily basis to prevent people from abusing their access? See #1 above.

3. It doesn't offer significant protection to the customers. How would someone know they're connecting to Coffeebucks's real network? Because the network is named Coffeebucks? Encryption doesn't solve the problem of authenticating the access point if your computer doesn't have some other kind of trust relationship with it. Going back to costs, what would it cost a coffee shop to grant their customer computers authentication via RADIUS servers?

4. Even if a customer could absolutely trust the connection to the access point, they are still on a segment that is shared with other customers, so they are essentially on the public side of the internet anyway. Nobody should trust sending unencrypted data to flow unprotected over the internet. Do you use http or https to do your banking from home? Why do you insist on https if you have WPA2? Because you need to protect your data over the entire trip, not just the single hop between your computer and your access point.

Answer 3

In my context, the asia-pacific region, it's about 50-50 between secured WPA/WPA2 and unsecured. If you have a look at wigle.net you could find out exactly, however it's a lot of work, because you'll have to do quite a bit of filtering etc for actual coffee shops and not just commercial or personal networks, but you'll get a good broad picture anyway.

For a hacker doing sniffing or Man in the middle attacks (MitM), the secured networks have a much larger obstacle - a password. This will make the sniffing less effective purely because the amount of people connected is reduced. So you will have fewer victims at any point in time that are actively pushing and pulling traffic through the network that can be sniffed. A silent network is a boring network for a sniffing attacker.

If the attacker asks for the password, or hacks it, they'll be able to sniff just as well as they could have with an open unsecured network. The key point here is that you can't sniff raw http unless you're in the network - at least with conventional hacking tools and hardware, which is the most likely way someone will be exploiting a coffee shop scenario.

put simply, secured vs unsecured is different for a packet sniffer only because of the password. The actual sniffing once the attacker is inside either network is practically identical.

However, attackers are likely to prefer unsecured networks purely because there's likely to be more targets connected. Unless of course, they have a particular target in mind. I would imagine someone behind a WPA-2 password would feel more comfortable visiting, communicating and transmitting content that's far more private or valuable. However if there's only three people on that network, and you're after credit cards or something, you're only going to get three cards. An open network in the middle of the city, has an endless amount of new customers who might make transactions or give away passwords over the air to other sites or apps.

Some cafe's do things like put in middleware, which is effectively a sniffing platform in most cases. They might whitelist/blacklist traffic, take logs, do dns redirects to landing pages... whatever they want, it's their network. Depending on how these are set up, they could prevent other random people doing sniffing attacks across the network by giving each user an isolated connections. However I've rarely seen these in the wild. The typical network is completely sniffable. You can check if you're on a sniffable network with any network analyzer app for your phone. If you see random IP's pop up, then you're not isolated and you and everyone else is vulnerable to a MitM attack.

The exceptions are users who are using encrypted channels, or are forcing https connections for their traffic. These are less sniffable. However while VPN's or things like Tor are relatively secure and commonplace protection against these attacks. https is not entirely safe either, an attack could use sslstrip to downgrade the requests to plain text http, issue their own certificates for some sites. Alternatively they could DOS all https traffic and force people to just give up using encrypted traffic, which would work on most sites except those that only support secured traffic like banks

things to secure yourself (not an exhaustive list)

• use a private reputable VPN ($) or TOR (free).
• if using email, use PGP or some other secure connection.
• use SFTP or SSH not FTP if updating a website or moving files around.
• never connect to a network without a strong password on your computer
• have a firewall, intrusion detection and antivirus installed, most companies offer generous free periods on their full software. I think Norton give 30 days at the moment.
• if possible, don't use your personal login when connecting, instead maybe boot of a live-cd or usb, this will minimise your exposure to network based attacks that want more than your sniffable web traffic - these attackers are after a persistent remote connection into your computer.

However the easiest and safest thing you could do without getting too technical, in all of these situations is to use your mobile phones 3G or 4G (not 2G) data cconnection via a cable NOT as a personal hotspot. This is because you're connecting to cell towers and not random untrusted wifi access points. Of course you could be intercepted through that too, the government have lots of fun with IMSI catchers - but these technologies are less common, not easily available to everyday hackers and are simply harder to conceal than the tech it takes to sniff a regular wifi network (a raspberry pi concealed in anything can do it) also an attacker can do this on any laptop, android and even on jailbroken iPhone's. Also if you see a wifi pineapple (google it), definitely avoid wifi! lol

play safe :)

Answer 4

For commercial providers, hotspots, and large organizations, the preferred solution is often to have an open and unencrypted, but completely isolated wireless network. The users will at first have no access to the Internet nor to any local network resources. Commercial providers usually forward all web traffic to a captive portal which provides for payment and/or authorization. Another solution is to require the users to connect securely to a privileged network using VPN.

From: http://en.wikipedia.org/wiki/Wireless_security#RF_shielding

I've never been able to use a truly isolated network, maybe I'm doing it wrong, maybe its my hardware. I'm also by no means certified in the field of networking nor am I a professional. So I could be completely wrong.

In your experience, is it true that most coffee shops, hotels, airports typically use an open connection, or are protected networks more commonplace now?

Whenever I go into a location and I see a wireless access point I always look to see what the make of it is. Usually its a Cisco Aironet ceiling/wall mounted device setup by an ISP as a hotspot for its customers. Most of the access points I've seen are open.

Second question, assume a coffee shop with an open network, all traffic is extremely easy to sniff. Now picture the establishment upgrades it to WPA2/AES secured network. Is the network really that more secure?

Let me refer you to the answer for the question " Encrypt WiFi connection per connected user ".

To summarize that answer (go upvote that Q and A after reading), no. All a person needs to do is walk in and buy a biscuit (cheaper than coffee). Once the user has a key, they can sniff like the world's friendliest dog.

So, with this in mind, is an unlocked encrypted network equivalent to an open network? What sort of attacks could a hacker do on a WPA2 secured network?

If you're handing out the key, then for any stationary/targeted attack they might as well be equal. Encrypting the wireless network will simply prevent your high-speed war driver from access (who does that these days?).

Could you do a man in the middle attack as easily as on an open network? Is it possible to create a rogue AP with the SSID and key, advertised with the same encryption standard, as possible with the open network?

I suspect the answer is a big yes.

The attacks possible on the network will probably vary based on the hardware in the access point. Some AP's come equipped with Wireless Intrusion Prevention Systems, that try to prevent some of the basic/common attacks.

But how can I stay safe?

I think someone once said that the greatest gift a person could ever give to another human is end-to-end encryption.

Its essentially up to the client to use additional precautions such as an SSH tunnel or VPN. If access is required then a secure endpoint is also required, making it highly impractical for most personal computer users.

Answer 5

Most places that provide free WiFi just don't care about security, and they want to make it as easy as possible for customers to connect. Since users of such open WiFi by-and-large don't care about security either, there's not much pressure for them to change that mentality.

However it's not really as difficult to secure such a network as others here have been suggesting.

Here's what I would do if it were my cafe:

First of all, make sure the AP has "AP isolation mode" enabled, which will prevent most network-based attacks because associated endpoints don't have trivial access to traffic going to/from other endpoints. (Over-the-air attacks are harder to do)

Develop an extension to the point-of-sale system that either uses a random string or takes a hash of some dynamic data and A) pass it to a RADIUS server connected to the AP and B) print it on the receipt. This would be the customer's dynamic access key and WPA passphrase. (Secondary benefit is this would put an end to freeloaders: no purchase = no access. Set the access to time-out after some length of time, like 2 hours.)

If the dynamic connection to the RADIUS server is too complicated, just generate a list of random keys for the day and upload it to the POS system with it every morning)

Optionally use an SSL captive portal as a second layer which crosschecks the entered key with some other verifiable dynamic data eg on the sales receipt.

The only unanswered question would be how to circumvent a rogue AP that masquerades as the real AP and collects passphrases. But I don't think the key exchange is vulnerable to that because all that's exchanged are hashes.

Answer 6

Even with WPA2/AES, someone can see the password, or if that is not possible, here is a simple way:-

1. See some people who come around daily.
2. Get some backdoors or rootkits for them. It would require skill but anything on same network/file share can be hacked.
3. Go in, connect to your internet, get the key, and voila.

As simple as that. So no amount of security will help, except using WPA-Enterprise with packet-filters (in other language, censor(ware)s), with no security hole(which is never possible, though) and providing free online(web-based) firewall and rootkit+backdoor+RAT(etc.) remover to other users, again with no security holes(as I said before).

Safety is just an illusion. As long as a machine can run, it can be hacked(if not on a network, then by hardware).