Transferring data between two devices is often a time-consuming mess. Cables, unreliable Bluetooth connections, and significant patience are all part of our collective suffering.
Fortunately, an alternative exists in the form of Wi-Fi Direct. Developed by the Wi-Fi Alliance, Wi-Fi Direct promises to deliver the speed of a traditional Wi-Fi network. Two devices are able to communicate directly, without the need for an internet connection.
Of course, no new technology is without downsides. According to research presented at Black Hat Europe 2017, Wi-Fi Direct may be compromising our security. In doing so, it unwittingly grants hackers an easy way into our digital lives—all in the pursuit of convenience.
How exactly does Wi-Fi Direct make us vulnerable, and what can we do about it?
What Is Wi-Fi Direct?
Bluetooth has been around since 1994, and it was once considered the easiest, fastest solution for wireless file transfer. However, it wasn’t the best: speeds were slow and reliability was poor.
Although we associate Wi-Fi with the internet, it is actually a way to create a local wireless network. It just so happens that most of the time the Wi-Fi Access Point (AP) is connected to the internet. Wi-Fi Direct is not constrained by an internet connection. Instead it allows two devices to set up a peer-to-peer (P2P) Wi-Fi network, without the need for a wireless router.
Wi-Fi Direct doesn’t need a wireless access point
Wi-Fi Direct devices can connect to each other without having to go through an access point, that is to say you don’t need to use your router.
This is because Wi-Fi Direct devices establish their own ad-hoc networks as and when required, letting you see which devices are available and choose which one you want to connect to.
If you think that sounds very like Bluetooth, that’s because it is… only a lot faster.
Wi-Fi Direct is an official standard
It comes via the Wi-Fi Alliance, the global industry association in charge of certifying Wi-Fi kit. This means that you can be sure that any Wi-Fi Direct enabled technology has been set to work with all the others without the need for special hardware.
Wi-Fi Direct is Wi-Fi without the internet bit
The idea behind Wi-Fi Direct is that simple tasks need simple connections. Let’s say you want to print from your laptop or smartphone to a wireless printer, share images with someone sat across the room, or even send your holiday video from your phone to your TV.
None of these things require an active internet connection, or an internet connection at all, but they do need to connect – to the printer, or to the other person’s hardware, or to the TV. With Wi-Fi Direct, that bit’s easy.
Wi-Fi Direct uses Wi-Fi Protected Setup
Much like you have password protection on your home network, you don’t want any Thomas, Richard or Henry to be able to connect to your stuff. You won’t want to see what the neighbours are beaming to their TV on your TV nor do you want them being able to use your printer.
To prevent this, Wi-Fi Direct uses Wi-Fi Protected Setup and WPA2 to block unauthorised connections, keeping your communications private.
Devices can be paired in several ways: with physical buttons (“press the button on gadget X and then the same one on gadget Y”), PIN codes, QR codes or even NFC.
Wi-Fi Direct knows what’s nearby
Wi-Fi Direct includes two potentially useful things: Wi-Fi Direct Device Discovery and Service Discovery. Devices won’t just know there are devices available; if developers have enabled it, your device will know what kind of devices are nearby and what’s on offer.
This means that if you’re trying to display an image, you’ll only see devices that you can beam images to; if you want to print, you’ll only see devices that are printers or that are connected to printers.
Crucially, this can happen before you connect, so you don’t waste any time trying to connect to something that doesn’t do what you want it to do.
Wi-Fi Direct uses the same silicon
Manufacturers don’t need to add extra radios to their kit: the idea is to have Wi-Fi Direct as part of the standard Wi-Fi radio. It’s backwards compatible too, so you don’t need to throw out your old Wi-Fi-enabled kit.
The Wi-Fi Alliance currently claims that more than 1,100 devices have been certified since October 2010, including televisions, smartphones, printers, PCs and tablets.
How It Works
Wi-Fi Direct uses a number of standards to accomplish its functions:
- Wi-Fi: Wi-Fi Direct uses the same Wi-Fi technology that Wi-Fi-enabled devices use to communicate with wireless routers. A Wi-Fi Direct device can essentially function as an access point, and other Wi-Fi-enabled devices can connect directly to it. This is already possible with ad-hoc networking, but Wi-Fi Direct extends this feature with easy setup and discovery features.
- Wi-Fi Direct Device and Service Discovery: This protocol gives Wi-Fi Direct devices a way to discover each other and the services they support before connecting. For example, a Wi-Fi Direct device could see all compatible devices in the area and then narrow down the list to only devices that allow printing before displaying a list of nearby Wi-Fi Direct-enabled printers.
- Wi-Fi Protected Setup: When two devices connect to each other, they automatically connect via Wi-Fi Protected Setup, or WPS. We can only hope that device makers use a secure connection method for this WPS connection and not the extremely insecure WPS PIN method.
- WPA2: Wi-Fi Direct devices use WPA2 encryption, which is the most secure way of encrypting Wi-Fi.
A Problem With Wi-Fi Direct’s Implementation
In practice, none of these technologies works in isolation. Many devices that support Wi-Fi Direct are also connected to a standard Wi-Fi network at the same time. Your home printer, for example, may be able to accept photos directly from your smartphone via Wi-Fi Direct, but it is also probably connected to your home network.
The ability of a device to connect to multiple networks concurrently is usually a benefit. It is also one of Wi-Fi Direct’s greatest vulnerabilities.
However, Wi-Fi Direct as a specification isn’t to blame. Instead, it is the implementation and poor security practices of the many device manufacturers that put you at risk.
Blanco used HP’s OfficeJet Pro 8710 as a case study. The printer supports Wi-Fi Direct and can also accept concurrent connections to standard Wi-Fi networks. Its security features include HTTPS, WPA2, 802.1x wireless authentication, PSK and a firewall, amongst other things.
After reading the specification sheet, you might think you’ve invested in a bulletproof device. The printer is set up as a P2P Group Owner (GO), so it broadcasts its existence and allows other devices to connect to it.
The Wi-Fi Direct standard mandates that once a connection is requested, the devices use the WPS protocol to establish it. The WPS PIN is an eight-digit numerical code, which is easily subjected to a brute-force attack. HP’s implementation of the WPS protocol automatically allows Wi-Fi Direct connections, using the default WPS password of ‘12345678’.
In effect, this allows anyone to establish a Wi-Fi connection to the printer, without any authentication or notification. The attacker then has full access to the printer—potentially including its print memory and history—as well as an entry point to the wider Wi-Fi network that the printer is connected to.
Another example of poor implementation can be found in the Western Digital TV Live Media Player. The device supported Wi-Fi Direct as standard, and it was automatically enabled, allowing anyone within range to connect.
The connected device then had full access to the remote control features, as well as the web server, and read/write access to the media server and all connected devices. All of these permissions were granted with no authentication or notification. Perhaps unsurprisingly, the WD TV Live was discontinued in 2016.
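The two case studies share the same checkable settings: Wi-Fi Direct left on, peers accepted without a prompt, a fixed or default WPS PIN, and a second connection to the home network. The audit below is an added example, not code from the research or from either vendor; the Device record, its field names and the sample inventory are hypothetical, and only the value "12345678" is taken from the article.

```python
from dataclasses import dataclass
from typing import List, Optional

# Illustrative factory values; only "12345678" comes from the article.
KNOWN_DEFAULTS = {"12345678", "12345670", "00000000"}

@dataclass
class Device:  # hypothetical inventory record, not a vendor format
    name: str
    wifi_direct: bool        # Wi-Fi Direct radio enabled
    auto_accept: bool        # peers join with no button press or prompt
    wps_pin: Optional[str]   # fixed PIN, or None if generated per session
    on_lan: bool             # also joined to the normal Wi-Fi network

def wps_checksum(first7: str) -> int:
    """Eighth digit that WPS derives from the first seven digits of a PIN."""
    total = sum(int(c) * (3 if i % 2 == 0 else 1) for i, c in enumerate(first7))
    return (10 - total % 10) % 10

def audit(dev: Device) -> List[str]:
    """Return the findings for one device; an empty list means nothing to fix."""
    if not dev.wifi_direct:
        return []
    findings = []
    if dev.auto_accept:
        findings.append("accepts peers without prompt or notification")
    pin = dev.wps_pin
    if pin is not None:
        findings.append("fixed WPS PIN")
        if pin in KNOWN_DEFAULTS:
            findings.append("PIN is a known default")
        if len(pin) != 8 or not pin.isdigit():
            findings.append("PIN is not eight digits")
        elif wps_checksum(pin[:7]) != int(pin[7]):
            findings.append("PIN lacks a valid WPS check digit")
    if findings and dev.on_lan:
        findings.append("device is also on the LAN")
    return findings

INVENTORY = [  # constructed sample inventory
    Device("office-printer", True, True, "12345678", True),
    Device("living-room-tv", True, False, None, True),
    Device("media-player", True, True, None, False),
    Device("nas", False, False, None, True),
]

if __name__ == "__main__":
    for dev in INVENTORY:
        print(dev.name, audit(dev))
```

A device with no findings either has Wi-Fi Direct off or requires a deliberate action on the device for every new peer; anything else is a candidate for disabling the feature or changing its pairing settings.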
Is Wi-Fi Direct Really an Issue?
The Wi-Fi Direct protocol has flaws. However, as is the case across the tech industry, the main flaws come from hardware manufacturers doing little to secure their devices.
Eager to part you from your hard-earned cash, manufacturers rebrand technological developments as features but invest no time in securing them. As the vulnerabilities differ by device, the best you can do is be aware of the devices on your network.
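One way to act on that advice is to check which devices around you are advertising a Wi-Fi Direct group. The Wi-Fi Direct specification requires a group owner's network name to begin with "DIRECT-", so such devices stand out in an ordinary Wi-Fi scan. The script below is an added example, not part of the original article: the scan text is constructed, laid out in the tab-separated form that `wpa_cli scan_results` prints, and MY_DEVICES is a hypothetical list of addresses you have recorded for your own equipment.

```python
# Constructed sample scan in the layout printed by `wpa_cli scan_results`.
SCAN = (
    "bssid / frequency / signal level / flags / ssid\n"
    "a0:b1:c2:00:00:01\t2437\t-41\t[WPA2-PSK-CCMP][WPS][ESS]\tHomeNet\n"
    "a2:b1:c2:00:00:02\t2437\t-48\t[WPA2-PSK-CCMP][WPS][ESS]\tDIRECT-7A-Printer\n"
    "a2:b1:c2:00:00:03\t5180\t-70\t[WPA2-PSK-CCMP][ESS]\tDIRECT-xy\n"
    "a0:b1:c2:00:00:04\t2412\t-80\t[ESS]\tdirect-cafe\n"
)

# Hypothetical record of the Wi-Fi Direct addresses of devices you own.
MY_DEVICES = {"a2:b1:c2:00:00:02": "office-printer"}


def parse_scan(text):
    """Turn scan output into dicts, skipping the header and malformed lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split("\t", 4)  # the SSID is last and may contain tabs
        if len(parts) != 5:
            continue
        bssid, _freq, signal, flags, ssid = parts
        rows.append({"bssid": bssid.lower(), "signal_dbm": int(signal),
                     "flags": flags, "ssid": ssid})
    return rows


def wifi_direct_groups(text, known):
    """List advertised Wi-Fi Direct groups, strongest signal first."""
    groups = []
    for row in parse_scan(text):
        if not row["ssid"].startswith("DIRECT-"):  # prefix is case-sensitive
            continue
        groups.append({
            "ssid": row["ssid"],
            "bssid": row["bssid"],
            "owner": known.get(row["bssid"], "unknown"),
            "wps": "[WPS]" in row["flags"],  # WPS pairing is being advertised
            "signal_dbm": row["signal_dbm"],
        })
    return sorted(groups, key=lambda g: -g["signal_dbm"])


if __name__ == "__main__":
    for g in wifi_direct_groups(SCAN, MY_DEVICES):
        print(g["ssid"], g["owner"], "WPS" if g["wps"] else "no WPS", g["signal_dbm"])
```

An entry whose owner is "unknown" is either a neighbour's device or one of your own that you did not know was advertising; a strong signal suggests the latter and is worth tracking down.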