As you probably realize, right this minute your computers are being bombarded with WiFi signals. Where ever you are, whatever you are doing, WiFi signals are making the electrons in your device cycle back and forth. That’s just a fact of life, and you should assume it is happing every second of the day. In many cases, you can see which WiFi signals are pinging your device by looking at your WiFi settings. For example, here is a screenshot of available networks I can see under the WiFi menu on my Mac: All these signals have clearly identified themselves. One of them is the current name of one of my own signals (I like to bring my own network, for security reasons). You can find out more on each of these networks. You can do that using utilities that already come with your computer. For example, if you are on a Mac, you can hold down the option key and click on the WiFi menu to see some extra diagnostics tools. You can use this to learn more. But it takes time to learn this and is actually hard for most of us to understand. My recommendation for MacOS users is to download a specialized app that provides information on the WiFi environment in a more friendly way. My favorite app for this purpose is WiFi Explorer. It is easy to use, and not only does it tell you what open WiFi signals are hitting your antenna but it provides the data in a layout that makes it easy to understand. The bad news is that it will not display hidden networks. This is due to Apple’s official framework for wi-fi scanning (CoreWLAN), which does not provide any information on hidden networks. Security professionals can find these but are generally going to use either Windows or Linux based tool suites to do that. However, WiFi Explorer will find and display the information of a hidden network if your Mac computer is associated (connected) to it (if you already know about it). Here is more about how WiFi Explorer describes themselves:
WiFi Explorer is a Mac utility that allows you to scan, monitor, and troubleshoot wireless networks. It gathers configuration and capability information about all the networks it discovers and presents it on an easy-to-use, intuitive user interface. Information includes network name (SSID), BSSID, vendor, channel, band, security configuration, supported data rates, and much more. It supports 802.11b/g/n networks in the 2.4 GHz frequency band, as well as 802.11a/n/ac in the 5 GHz frequency band.
I’m currently at a conference at a hotel. Having just checked out the conference WiFi I see it really has no security. I already know if I do anything on this network I run the risk of revealing much more information about me than I should. But I’m a gutsy guy and am going to dive in. I’m joining the network (I bring my own network, but I want to get some sample data for this blog post). After joining the network there are other scanning tools to use. For the Mac, my favorite is: IP Scanner Pro. This app does not do anything aggressive. It does not hack or crack or do any damage, it just provides information that everyone else on the network can see as well. But after a quick run I can now see there over over 350 other devices on the network. Since IP Scanner Pro has a database of devices and hardware information I can tell what types of devices are on the network. Also, since many people name their devices with their own name I can frequently see Firstname, Lastname and Device Name, like: “Bob Gourley’s iPad”. That’s no big deal, unless you consider your name and what your device is as private information. Many people do not realize that this information is being broadcast to the world. IP Scanner Pro provides far more power to learn about the environment. For example, for any device found on a network it can be scanned to see if it has any common open connections and can be probed for other weaknesses. This really just provides information that any power user could find out using a terminal window and common admin tools on their device, but it provides it quickly and easily and also adds in information from their hardware database. The key point here is not that you should be scanning everyone’s devices when you are on the WiFi at a conference (or hotel or coffee shop), but that others can be scanning you! My recommendation is don’t join networking like this! Or if you do then exercise caution. And make sure your device is patched. Here is how IP Scanner Pro describes their tool:
IP Scanner Pro for Macintosh scans your local area network to determine the identity of all machines and internet devices on the LAN. Powerful results, yet easy and intuitive to use. IP Scanner can be used in several primary modes: as a way to get a quick overview of which devices are currently on the network, including seeing which devices are actively and passively present, or view network changes over time with IP Scanner’s ‘cumulative mode’, including options to display devices which were once present but now no longer visible.
- FingBox Gives You Network Superpowers: Network security that contributes to physical security
- Bob Gourley Interviews Cyber Tech Titan Richard Bejtlich On Enterprise Cybersecurity Lessons Learned
- Please Spread The Word: Cybersecurity Scholarships From (ISC)² and the Center for Cyber Safety and Education
- PFP Cybersecurity: Providing iron-clad identity for any device and detecting any anomalous behavior
- What Is DNSSEC and Why Is It Important?
- An OODAcast Conversation with Dr. David Bray of the Atlantic Council Geotech Center (Part One) - April 3, 2020
- OODAcast– A Conversation with Dan Gerstein - April 1, 2020
- Update on The End Coronavirus Project and Need for Volunteers - March 28, 2020