Vulnerabilities associated with Wi-Fi protected setup in a medical environment

Authors

Daniel Costantin, Edith Cowan UniversityFollow
Krishnun Sansurooah, Edith Cowan UniversityFollow
Patricia A.H. Williams

Document Type

Conference Proceeding

Publication Title

ACSW '17: Proceedings of the Australasian Computer Science Week Multiconference

Publisher

Association for Computing Machinery

School

School of Science

RAS ID

26091

Comments

Costantin, D., Sansurooah, K., & Williams, P. A. H. (2017). Vulnerabilities associated with wi-fi protected setup in a medical environment. In Proceedings of the Australasian Computer Science Week Multiconference (article 58). Association for Computing Machinery. Available here

Abstract

Developed in the mid-2000s by the Wi-Fi Alliance, the Wi-Fi Protected (WPS) protocol assists configuration of mobile and wireless networks. Its development grew from the needs of less technology knowledgeable end-users to be able to setup wireless networks, primarily for the home environment. However, the technology is also used by small to medium sized businesses including medical environments and this presents multiple security vulnerabilities. WPS can employ four different types of authentication, with the PIN method the most popular. Consequently, Near Field Communication (NFC), Push Button, and USB are less documented and arguable less understood by users. This research describes in detail the methods and their vulnerabilities, and uses controlled experiments to test the security vulnerabilities of WPS authentication and how they can be exploited. The research suggests that a multi-faceted approach to mitigation and elimination of the vulnerabilities of WPS is warranted. Such an approach includes: education for end-users in the vulnerabilities and what precautions they should use to mitigate these; improvement in lockout policy implementation by vendors; and for the Wi-Fi Alliance to consider review of the vendor certification regarding lockout policy during attack detection. The balance between ease of use and security is a common problem, however the breaches in security in a medical environment can have many detrimental impacts for the healthcare provider organisation as well as for the patient including potential impact on patient safety and the reputation of the medical institution.

DOI

10.1145/3014812.3014872

Access Rights

subscription content