Research

WiFi study in Dubai

Why in Dubai? First, I was there recently.  Second,  Dubai has become one of the most important cities in the world for holding IT conferences.

All statistics are based on around 3 thousand found WiFi access points.  Let’s begin with the channels Dubai’s WiFi is running on:

It’s logical to see that channel 6 and 11 are used widely; they’re often the channels used by default by access point vendors. The interesting thing is to see that channel 13 is the second most used channel in the city. Just FYI, the use of this channel is prohibited in the United States of America, but it’s allowed in most parts of the world. Channel 13 is being used in 802.11g/n networks, which shows that most of the access point in Dubai are new and probably use the 802.11n standard.

Since most of the hardware is modern it would be logical to conclude that the encryption in Dubai WiFi networks must be WPA2, right? But unfortunately this is not true.

Indeed, WPA2 is the least-used encryption method. Most of the networks are open. Maybe in those networks some additional security filters are applied, like authorization by MAC address or via captive portals. However, such networks can’t be called secure and if a user doesn’t have their own VPN connection their data can be at risk.

Another interesting point is that many SSID names are hidden and not broadcast publicly.

Maybe this is another reason why WiFi administrators in Dubai think their networks don’t need WPA2 encryption. If they think so, they are mistaken, since there are techniques which allow to hidden SSIDS to be revealed. And if we think about MAC filtering as a security concept, any MAC address can be sniffed and then spoofed. So it’s not a good security approach.

Finally if we look at the most popular vendors of access points in Dubai, we can highlight three of the biggest: Cisco, Linksys (which is also a subsidiary of Cisco) and Aruba networks share half of the market in Dubai:

There are other players, but not as significant as the three mentioned above.

You may know that many VPN services are prohibited in Dubai.  So if an attacker is able to open a non-protected WiFi network, it exposes  users and their sensitive data.

As we have seen, the hardware used in access points allows better security management, but it looks like there is no a good practice or policy to enforce this. It exposes users’ sensitive data to many kind of network attacks.

WiFi study in Dubai

Your email address will not be published. Required fields are marked *

 

Reports

APT trends report Q3 2021

The APT trends reports are based on our threat intelligence research and provide a representative snapshot of what we have discussed in greater detail in our private APT reports. This is our latest installment, focusing on activities that we observed during Q3 2021.

Lyceum group reborn

According to older public researches, Lyceum conducted operations against organizations in the energy and telecommunications sectors across the Middle East. In 2021, we have been able to identify a new cluster of the group’s activity, focused on two entities in Tunisia.

GhostEmperor: From ProxyLogon to kernel mode

While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. With a long-standing operation, high profile victims, advanced toolset and no affinity to a known threat actor, we decided to dub the cluster GhostEmperor.

Subscribe to our weekly e-mails

The hottest research right in your inbox