Join our mailing list to receive the latest news and updates from our team.

<p>Thanks for signing up! :)</p>

read more.mapouter{overflow:hidden;height:500px;width:600px;}.gmap_canvas {background:none!important;height:500px;width:600px;}
Home / Technology / Why Wi-Fi Direct Isn’t as Secure as You Think

Why Wi-Fi Direct Isn’t as Secure as You Think

Posted on

Transferring data between two devices is often a time consuming mess. Cables, unreliable Bluetooth connections, and significant patience are all part of our collective suffering.

Fortunately, an alternative exists in the form of Wi-Fi Direct. Developed by the Wi-Fi Alliance, Wi-Fi Direct promises to deliver the speed of a traditional Wi-Fi network. Two devices are able to communicate directly, without the need of an internet connection.

Of course, no new technology is without downsides. According to research presented at Black Hat Europe 2017, Wi-Fi Direct may be compromising our security. In doing so, it unwittingly grants hackers an easy way into our digital lives—all in the pursuit of convenience.

How exactly does Wi-Fi direct make us vulnerable, and what can we do about it?

What Is Wi-Fi Direct?

Bluetooth has been around since 1994, and it was once considered the easiest, fastest solution for wireless file transfer. However, it wasn’t the best: speeds were slow and reliability was poor.

In the almost quarter of a century since, we’ve been propelled into the digital age, creating, consuming, and transferring files far larger than existed in 1994. The Wi-Fi Alliance thought they could help, and created Wi-Fi Direct—combining the ease of Bluetooth and the speed of Wi-Fi.

 

 

Although we associate Wi-Fi with the internet, it is actually a way to create a local wireless network. It just so happens that most of the time the Wi-Fi Access Point (AP) is connected to the internet. Wi-Fi Direct is not constrained by an internet connection. Instead it allows two devices to set up a peer-to-peer (P2P) Wi-Fi network, without the need for a wireless router.

Although it uses different technology, the reality is that Wi-Fi Direct is a lot like Bluetooth—except with speeds up to 250Mbps (ten times the speed offered by Bluetooth 4.0) and AES 256-bit encryption.

Wi-Fi Direct doesn’t need a wireless access point

Wi-Fi Direct devices can connect to each other without having to go through an access point, that is to say you don’t need to use your router.

This is because Wi-Fi Direct devices establish their own ad-hoc networks as and when required, letting you see which devices are available and choose which one you want to connect to.

Bluetooth

If you think that sounds very like Bluetooth, that’s because it is… only a lot faster.

Wi-Fi Direct is an official standard

It comes via the Wi-Fi Alliance, the global industry association in charge of certifying Wi-Fi kit. This means that you can be sure that any Wi-Fi Direct enabled technology has been set to work with all the others without the need for special hardware.

Wi-Fi Direct is Wi-Fi without the internet bit

The idea behind Wi-Fi Direct is that simple tasks need simple connections. Lets sat you want to print from your laptop or smartphone to a wireless printer, share images with someone sat across the room, or even send your holiday video from your phone to your TV.

None of these things require an active internet connection, or an internet connection at all, but they do need to connect – to the printer, or to the other person’s hardware, or to the TV. With Wi-Fi Direct, that bit’s easy.

Wi-Fi Direct uses Wi-Fi Protected Setup

Much like you have password protection on your home network, you don’t want any Thomas, Richard or Henry to be able to connect to your stuff. You won’t want to see what the neighbours are beaming to their TV on your TV nor do you want them being able to use your printer.

In order to prevent this, Wi-Fi Direct uses Wi-Fi Protected Setup [PDF] and WPA2 to prevent unauthorised connections thus keeping your communications private.

Pairing devices can be done in multiple ways; physical buttons – “press the button on gadget X and then the same one on gadget Y”, with PIN codes, QR Codes or even NFC.

Wi-Fi Direct knows what’s nearby

Wi-Fi Direct includes two potentially useful things: Wi-Fi Direct Device Discovery and Service Discovery. Devices won’t just know there are devices available; if developers have enabled it, your device will know what kind of devices are nearby and what’s on offer.

This means that if you’re trying to display an image, you’ll only see devices that you can beam images to; if you want to print, you’ll only see devices that are or that are connected to printers.

Crucially this can happen before you connect, so you don’t waste any time trying to connect so something that doesn’t do what you want it to do.

Wi-Fi Direct uses the same silicon

Manufacturers don’t need to add extra radios to their kit: the idea is to have Wi-Fi Direct as part of the standard Wi-Fi radio. It’s backwards compatible too, so you don’t need to throw out your old Wi-Fi-enabled kit.

The Wi-Fi alliance currently claims that more than 1,100 devices have been certified since October 2010, including televisions, smartphones, printers, PCs and tablets.

How It Works

Wi-Fi Direct uses a number of standards to accomplish its functions:

  • Wi-Fi: Wi-Fi Direct uses the same Wi-Fi technology that Wi-Fi-enabled devices use to communicate with wireless routers. A Wi-Fi Direct device can essentially function as an access point, and other Wi-Fi-enabled devices can connect directly to it. This is already possible with ad-hoc networking, but Wi-Fi Direct extends this feature with easy setup and discovery features.
  • Wi-Fi Direct Device and Service Discovery: This protocol gives Wi-Fi Direct devices a way to discover each other and the services they support before connecting. For example. a Wi-Fi Direct device could see all compatible devices in the area and then narrow down the list to only devices that allow printing before displaying a list of nearby Wi-Fi Direct-enabled printers.
  • Wi-Fi Protected Setup: When two devices connect to each other, they automatically connect via Wi-Fi Protected Setup, or WPS. We can only hope that device makers use a secure connection method for this WPS connection and not the extremely insecure WPS PIN method.
  • WPA2: Wi-Fi Direct devices use WPA2 encryption, which is the most secure way of encrypting Wi-Fi.

A Problem With Wi-Fi Direct’s Implementation

In practice, none of these technologies works in isolation. Many devices that support Wi-Fi Direct are also connected to a standard Wi-Fi network at the same time. Your home printer, for example, may be able to accept photos directly from your smartphone via Wi-Fi Direct, but it is also probably connected to your home network.

The ability for a device to connect to multiple networks concurrently is usually a positive one. It is also one of Wi-Fi Direct’s greatest vulnerabilities.

why wi-fi direct is insecure
Image Credit: Andrés Blanco

However, Wi-Fi Direct as a specification isn’t to blame. Instead, it is the implementation and poor security practices of the many device manufacturers that put you at risk.

This problem isn’t unique to Wi-Fi Direct. Indeed, it is a common weakness in IoT devices. Among the many examples presented by Andrés Blanco at Black Hat Europe, were printers from HP and Samsung, and a media streaming device from Western Digital.

Blanco used HP’s OfficeJet Pro 8710 as a case study. The printer supports Wi-Fi Direct, and is also able to accept concurrent connections to standard Wi-Fi networks. The printer’s security management includes; HTTPS, WPA2, 802.1x wireless authentication, PSK, and a firewall amongst other things.

After reading the specification sheet, you might be left thinking you’ve invested in a bulletproof device. The printer is setup as a P2P GO, so that it broadcasts its existence and allows other devices to connect to it.

why wi-fi direct is insecure
Image Credit: Andrés Blanco

The Wi-Fi Direct standard mandates that once a connection is requested, the devices then use the WPS connection protocol to establish the connection. The WPS pin is a numerical eight digit code, which is easily subjected to brute force attack. HP’s implementation of the WPS protocol is to automatically allow Wi-Fi Direct connections, using the default WPS password of ‘12345678’.

In effect, this allows anyone to establish a Wi-Fi connection to the printer, without any authentication or notification. The attacker then has full access to the printer—potentially including its print memory and history—as well as an entry point to the wider Wi-Fi network that the printer is connected to.

why wi-fi direct is insecure
Image Credit: Andrés Blanco

Another example of poor implementation can be found in the Western Digital TV Live Media Player. The device supported Wi-Fi Direct as standard, and it was automatically enabled, allowing anyone within range to connect.

The connected device then had full access to the remote control features, as well as the web server, and read/write access to the media server and all connected devices. All of these permissions were granted with no authentication or notification. Perhaps unsurprisingly, the WD TV Live was discontinued in 2016.

Is Wi-Fi Direct Really an Issue?

Many manufacturers claim that the vulnerabilities around Wi-Fi Direct aren’t a concern down to the protocol’s distance limitations of around 100m. Standard Wi-Fi networks also have a range of around 100m and this does little to prevent attacks.

The Wi-Fi Direct protocol has flaws. However, as is the case across the tech industry, the main flaws come from hardware manufacturers doing little to secure their devices.

Eager to part you with your hard-earned cash, technological developments are rebranded as features, but with no time invested in securing them. As the vulnerabilities differ by device, the best you can do is be aware of the devices on your network.

When setting up a device change the default settings, disable insecure features, and make your network secure. Until companies are forced to face the cost of their poor security standards, it’s left to us as users to prevent the damage they cause.

 

Sources:
TechRadar
Make Use Of
How to Geek

 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Top
%d bloggers like this: