Category: Security & Privacy

Why you should make use of Virtual LAN (Guest Wi-Fi)

Posted on by Martin Brinkmann

Guest Wi-Fi, or more precisely virtual LAN, is a feature of many Internet routers. It adds another wireless networking option, which is fully separated from the main local network.

The term Guest Wi-Fi refers to one of its primary purposes: to allow guests to connect their devices to the Internet using a wireless connection. There is more to virtual LAN than that, however.

Many modern devices ask for Internet connectivity. Some work perfectly well without, but others require this connectivity to be of any use. Basic examples of devices that fall into the latter category include Amazon Fire TV and Alexa, most Google Home devices and most virtual assistant services.

Many devices support Internet connectivity; these can be printers, scanners or web cameras, but also a growing assortment of, often, perplexing devices that include toaster ovens, toothbrushes or refrigerators.

All of these devices are on the same local network by default, which is bad.

A story of a Printer, Amazon and Printer Ink emails

A user posted an interesting story on Hacker News the other day. They revealed that they have been receiving emails from Amazon about printer ink reorders frequently. Amazon knew about the printer and ink consumption, but the user did not know how.

The user had an Amazon Echo device connected to the local network. It turned out that Amazon’s device was picking up information that the printer provided to any device of the local network. In other words, Amazon knew when and what the user printed. It used the information to estimate printer ink use to send printer ink offers to the user.

Guest Wi-Fi may prevent this

Guest Wi-Fi connection on Android

The use of a virtual LAN might prevent this data leakage from happening. You would have to enable the guest Wi-Fi option in the router and connect one of the two devices to it.

Not all routers support virtual LAN functionality and some only with limited functionality. You may open the router’s dashboard on the local network to check if you find Guest Wi-Fi or a similarly named feature there.

The only step left is to connect the devices that you want to isolate to the new wireless network, effectively cutting it off from the local one.

These devices retain Internet connectivity, but they can’t communicate with devices that are not connected to the Guest Wi-fi anymore.

There may be other solutions, depending on setup. Some devices can be connected using cables. If you don’t require Internet connectivity for a device, say a printer, you could connect it using cables only. This would remove an attack vector as well.

The advantages and disadvantages of Guest Wi-Fi

Virtual networks offer several advantages over connecting all devices to a single network:

  • Connected devices are isolated from the rest of the network, which means that they are blocked from interacting with the home network. This offers several advantages:
    • The devices can’t collect personal data anymore from the main network.
    • Attacks that exploit issues in Guest Wi-Fi devices can’t penetrate the local network anymore.
  • Another key point is that you don’t need to share the main wireless LAN password with guests.
  • Last but not least, you may turn off wireless access for these devices at any time.

Even though Guest Wi-fi offers advantages, it is equally important to understand certain disadvantages.

  • Most routers support just a single virtual network. If you connect multiple devices to it, these devices may share information. Ideally, you’d put all IoT devices on a separate VLAN.
  • Some devices may require access to local data or other devices. If you want to cast from your PC to your TV, you need them on the same network. Others may flat out refuse to work without home network connection.
  • The configuration options of virtual networks may be limited.

Closing Words

It is a good idea to enable Guest Wi-Fi, if supported by the router. Some IoT device connections may be switched to improve security and privacy. While it may not be possible to migrate every device, it may also be a good idea to assess the status quo of all devices with Internet connectivity. Do all of these require an active Internet connection?

Now You: do you use Guest Wi-Fi on your network?

Stream-jacking Attacks are on the rise

Posted on by Martin Brinkmann

Stream-jacking attacks have gained some traction this year. These attacks hijack streaming accounts on popular sites to impersonate known brands and push crypto-scams.

BitDefender published an analysis of one of the larger attacks on its blog this week. The security company discovered a large operation that hijacked more than 1100 streaming video channels.

The hijacked channels had a median view count of more than 200000 views and a median subscriber count of more than 2200. The largest hijacked channel had a subscriber count of 9.9 million. The three largest hijacked channels view counts of more than 1 billion.

The attacker changed several of the channel names and handles to mimic official Tesla channels. Livestreams with officially sounding titles were streamed then to subscribers and others using old Tesla footage. The attacker displayed links to users to promote scams.

BitDefender writes:

Links propagated via hijacked YouTube channels promote a similar and well-known scam. The ruse involves sending any amount of cryptocurrency (Bitcoin, Ethereum, USDT, Dogecoin, BNB, Shiba Inu, etc.) and promises to send double the amount back to the scammed person. In rare cases, phishing links are written directly in the video.

BitDefender did not find any “old” videos of the channel, and the company suggests that these were either set to private ore deleted entirely by the attacker.

How the attack starts

Most attacks start with targeted phishing emails. The attacker creates well crafted emails, that often look like business opportunities. It could include information about a sponsorship deal or other form of collaboration.

Another popular email type informs the channel owner about copyright notices, which are fake.

The attackers try to use emails and email addresses that look legitimate to the untrained eye. It mimics “communications from trusted third-party vendors” or uses “email addresses that don’t raise immediate suspicion”, says BitDefender.

The goal of the attacker is to get the recipient of the email to download and execute a malicious file. Since security software may stop these before they are downloaded by the user, it is often inflated in size to prevent the scanning.

The software scans the system for valuable information, including cookies and session tokens. These may allow the attacker to take over the channel without knowing the account password.

How to protect yourself against Stream-jacking attacks

Stream-jacking attacks start like any other phishing attack. It is therefor essential to be able to identify phishing attacks.

Here are the essentials:

  • Emails that use non-personal greetings, e.g., without a name.
  • Emails that include attachments, especially if the file format looks dubious, e.g., .exe or .scv.
  • If the email address imitates that of a legitimate company, but not fully. Examples include using a different country extension or a slightly wrong spelling of the company name in the email address.

Other factors include spelling or grammar mistakes, prompts to take urgent action or offers that sound too good to be true.

One of the best protections is to avoid interacting with the email directly. Never open attachments if the sender is not trusted or you aren’t expecting an email with an attachment.

A good starting point is to do some research using a search engine. Try to find out if a company is legitimate or if others have worked with it in the past already.

Sometimes, all it may take is to sign-in to the account to check if an official notification is available. At other times, contacting a support representative of the streaming service may also help in the matter.