2 min read

NSA Releases Guidance on Securing Wireless Devices While in Public

Filip TRUȚĂ

August 03, 2021

NSA Releases Guidance on Securing Wireless Devices While in Public

The National Security Agency (NSA) is addressing the general population with an information sheet containing guidance on securing wireless devices while out and about. The guidance also addresses government workers, critical infrastructure workers, and everyone else.

NSA’s guidance on Securing Wireless Devices in Public Settings covers “malicious techniques used by cyber actors to target wireless devices and ways to protect against it.”

“To ensure data, devices, and login credentials remain secure and uncompromised, cybersecurity is a crucial priority for users and businesses. This includes identifying higher-risk public networks and implementing security best practices while in public settings, whether connecting laptops, tablets, mobile phones, wearable accessories, or other devices with the ability to connect to the internet,” according to the document.

Using public WiFi, for instance, may open data and devices to compromise, as cybercriminals employ malicious access points, redirect to malicious websites, inject malicious proxies, and eavesdrop on network traffic, the agency notes.

“If users choose to connect to public Wi-Fi, they must take precautions,” the document reads. “Data sent over public Wi-Fi—especially open public Wi-Fi that does not require a password to access— is vulnerable to theft or manipulation. Even if a public Wi-Fi network requires a password, it might not encrypt traffic going over it. If the Wi-Fi network does encrypt the data, malicious actors can decrypt it if they know the pre-shared key.”

Malicious actors may coerce the network into using insecure protocols or obsolete encryption algorithms, or they can set up a fake access point, also known as an evil twin, to mimic the nearby expected public WiFi, giving the actor access to all data sent over the network.

Unencrypted network traffic or traffic that is easily decrypted can also be captured using open-source tools, exposing sensitive data, the NSA warns.

“If connecting to a public Wi-Fi network, NSA strongly advises using a personal or corporate-provided virtual private network (VPN) to encrypt the traffic,” the guidance reads. “In addition, users should incorporate secure browsing methods, such as only accessing websites that use Hypertext Transfer Protocol Secure (HTTPS).”

The document also covers the secure use of Bluetooth and NFC protocols, and offers a comprehensive list of Do’s and Don’ts as “complete security is never guaranteed,” according to the agency.

These tips include patching devices and their underlying software with the latest fixes, enabling multi-factor authentication, and using security solutions. Users are also told to consider additional security measures, including limiting/disabling device location features, creating strong device passwords, and only using trusted device accessories, such as original charging cables.

tags


Author



Right now

Top posts

Ultimate Privacy Guide for Your Facebook Account

Ultimate Privacy Guide for Your Facebook Account

August 31, 2021

6 min read
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

August 27, 2021

2 min read
Your Netflix Account May Be on Sale on Darkweb. Protect It

Your Netflix Account May Be on Sale on Darkweb. Protect It

August 13, 2021

3 min read
E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Researcher Publishes Proof-of-Concept Code and Details for Three Zero-Day iOS 15 Vulnerabilities Researcher Publishes Proof-of-Concept Code and Details for Three Zero-Day iOS 15 Vulnerabilities
Silviu STAHIE

September 24, 2021

1 min read
Microsoft Finds Large Phishing-as-a-Service Operation Selling Over 100 Kits Microsoft Finds Large Phishing-as-a-Service Operation Selling Over 100 Kits
Silviu STAHIE

September 24, 2021

1 min read
US Targets Major Crypto Exchange with Sanctions US Targets Major Crypto Exchange with Sanctions
Silviu STAHIE

September 24, 2021

1 min read