NSA Reports Rise in Publicly Known and Active Wi-Fi Attacks


The United States National Security Agency (NSA) recently released a Cybersecurity Information Sheet, “Securing Wireless Devices in Public Settings,” outlining the risks and recommended security best practices for users accessing public WiFi networks. The document provides reasonable recommendations for users in organizations that have not taken proactive measures to detect and mitigate risks via mobile threat defense (MTD) solutions. Indirectly, the infosheet also reinforces the value and necessity of MTD to protect mobile endpoints, users, and access.

As a security professional dedicated to protecting the federal and local governments of the United States, I wanted to share my thoughts about key messages and recommendations contained in the infosheet. Overall, I would break those thoughts down as follows:

  • The NSA confirms that mobile threats–from malicious WiFi networks to malware–are a clear and present danger;
  • The NSA provides solid recommendations for users in organizations that have not adopted mobile threat defense (MTD), but they are very manual and hard to scale; and
  • Organizations need an automated MTD solution that does not depend on users to combat mobile attacks and attackers.

While I applaud the NSA for recognizing that mobile threats are real, I believe the solution should go beyond educating users to provide the same caliber of automated protection of mobile devices as we have for traditional endpoints.

Mobile Threats: A Clear & Present Danger

Before diving into a few details from the infosheet, I want to ensure that no one misses the NSA’s key point about the macro threat landscape. When it comes to network-based and other attacks against mobile devices, the NSA clearly states, “The risk is not merely theoretical; these malicious techniques are publicly known and in use.”

According to the infosheet, “Accessing public WiFi hotspots may be convenient to catch up on work or check email, but public WiFi is often not configured securely. Using these networks may make users’ data and devices more vulnerable to compromise, as cyber actors employ malicious access points (Masquerading [T1036]), redirect to malicious websites, inject malicious proxies, and eavesdrop on network traffic (Network Sniffing [T1040]).”

The infosheet goes on to state additional details about the risks and threats, including but not limited to:

  • Data sent over public WiFi—especially open public WiFi that does not require a password to access—is vulnerable to theft or manipulation.
  • Malicious actors can decrypt encrypted traffic if they know the pre-shared key.
  • Malicious actors can also sometimes coerce the network into using insecure protocols or obsolete encryption algorithms.
  • Malicious actors can set up a fake access point, also known as an evil twin, to mimic the nearby expected public WiFi, resulting in that actor having access to all data sent over the network.

NSA Best Practices: Solid, but Manual & Not Scalable

NSA provides reasonable recommendations for users in agencies that have not adopted mobile threat defense (MTD), but they are very manual and hard to scale. While the intention is excellent, I believe that putting the responsibility squarely on users will not succeed in the long run.

“This infosheet gives National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) users the best practices for securing devices when conducting business in public settings. It describes how to identify potentially vulnerable connections and protect common wireless technologies, and lists steps users can take to help secure their devices and data. While these best practices cannot ensure data and devices are fully protected, they do provide protective measures users can employ to improve their cybersecurity and reduce their risks.”

The infosheet has a nice table of “Do’s and Don’ts” that has numerous recommendations for users, including:

  • Avoid connecting to public WiFi, when possible, as there is an increased risk when using public WiFi networks.
  • If connecting to a public WiFi network, NSA strongly advises using a personal or corporate-provided virtual private network (VPN) to encrypt the traffic.
  • Keep software and applications updated with the latest patches.
  • Use anti-virus/anti-malware software (if applicable).

While the recommendations are excellent and pragmatic, they are only the first step in real protection. For as long as cybersecurity has existed, human beings have created the most risk in organizations. Users fall for phishing attacks, download malicious apps, open unsafe attachments, and the list goes on. Training users is a pragmatic step, but advanced and automated attacks need advanced and automated prevention. In this case, organizations need MTD solutions. And no one offers a more proven enterprise-grade MTD solution than Zimperium.

Real Protection: Automated & Scalable with Zimperium

As the NSA has made clear, the threats are real, so the solution should be too. Agencies need an automated solution that does not depend on users to combat mobile attacks and attackers. No MTD provider protects more governments and enterprises than Zimperium. Please take a moment to read how we were selected to protect mobile users of the U.S. Department of Defense. Using my lists from above, here is a snapshot of how Zimperium zIPS addresses some of the threats the NSA is warning agencies to address:

| Threat or Issue | How zIPS Automatically Addresses (Examples) |
|---|---|
| WiFi that does not require a password | Detects unsecured networks, alerting user with proactive recommendations |
| Unencrypted WiFi network | Creates on-demand VPN |
| Decrypting encrypted traffic | Detects attempts to strip SSL and alerts the user and security console |
| Fake access points | Detects fake (rogue) access points, alerting user with proactive steps |
| Malicious apps | Detects known and unknown malware, alerting user and preventing exploit, and reporting to security console |
| Vulnerable devices | Identifies devices on outdated/vulnerable operating systems and alerts user and security console |

Please contact us today for more information on how Zimperium zIPS can bring advanced, on-device detection and protection to your agency.


Zimperium, the global leader in mobile security, offers the only real-time, on-device, machine learning-based protection against Android, iOS, and Chromebook threats. Powered by z9, Zimperium provides protection against device, network, phishing, and malicious app attacks. For more information or to schedule a demo, contact us today.

Author: Jim Kovach
Mobile Security Specialist, Public Sector. View the author's experience and accomplishments on LinkedIn.
