Notes From a Hacker: Yes, You Have to Use Your VPN – and Here’s Why

Right now, across the globe, there are millions of exasperated IT helpdesk workers on the phone with an equal number of frustrated colleagues who are working from home, some for the very first time. I don’t have exact numbers, but I’m willing to bet that the most common issue they’re discussing is problems logging onto a company’s virtual private network (VPN). From my own experience, at least some of those end users (maybe you included) are asking, “Do we really have to do this?” 

The answer is, yes, you do. And, because your IT team is likely overwhelmed right now, I’ll step in and share just a few reasons why a VPN helps keep your company safe from people like me.

The most common threat someone faces on unsecured WiFi networks is a man-in-the-middle (MitM) attack, where a hacker inserts himself into the data stream between two endpoints. You’ve probably been cautioned about public WiFi – coffee shops, airports, etc. – for that very reason.  Trust me, it will work on your home as well.

A successful MitM attack allows a bad guy to intercept or modify data in transit, including credentials or financial information. In fact, most wireless attacks are perpetrated with the goal of acquiring MitM access to user data. A VPN connection encrypts your data and makes it much harder for a hacker to steal.

MitM is similar to another threat known as the “Evil Twin” attack. This is sometimes referred to a rogue access point that exploits how wireless endpoints behave. When a phone, laptop, or tablet joins a wireless network, it will remember that connection. From that point forward, the endpoint will send out beacons looking for that network.

Unfortunately for you, it’s easier than you think to trick your devices. We can use tools such as Mana or the WiFi Pineapple to respond to create a fake access point. Your device will associate with it as though it was the legitimate network. From there we have a MitM and can intercept or modify data in flight, or even create fake captive portals to capture credentials.  

Other tools help attackers go after wireless networks directly by sending de-authentication packets, which cause devices to disconnect. When they attempt to reconnect to the network, they must re-authenticate. This process involves a four-way handshake in which a hashed form of the Pre-shared Key (PSK) is exchanged. A hacker can capture this handshake and attempt to crack it offline using tools such as Hashcat. If the hash is cracked, the PSK is revealed in cleartext.

The most widely used is the Aircrack-ng suite of tools which includes Airmon-ng for capturing wireless traffic, Aireplay for injecting wireless packets, and Aircrack for cracking the PSK. Other tools such as WiFite offer a menu-driven interface that automates a wide variety of attacks.

You may be thinking these tools are rare and hard to find, but that’s not the case. Both hardware and software are readily available and relatively cheap. They’re also very simple to set up and operate. 

My point is that it can be relatively easy for a hacker to compromise your home WiFi. By contrast, your IT security team has a number of safeguards in place to protect you and the company’s network from the tools and tactics I described above. Extending that protection to those working remotely is the reason you have to use your VPN.

Does that mean you can’t be hacked? Certainly not. But it does make my job a lot harder and it probably will cause me to move on – to another employee, another method of attack, or best case, another company.

Preferably one that doesn’t use a VPN for remote workers.

 

More posts