Vulnerabilities associated with Wi-Fi protected setup in a medical environment
ACSW '17: Proceedings of the Australasian Computer Science Week Multiconference
Association for Computing Machinery
School of Science
Developed in the mid-2000s by the Wi-Fi Alliance, the Wi-Fi Protected (WPS) protocol assists configuration of mobile and wireless networks. Its development grew from the needs of less technology knowledgeable end-users to be able to setup wireless networks, primarily for the home environment. However, the technology is also used by small to medium sized businesses including medical environments and this presents multiple security vulnerabilities. WPS can employ four different types of authentication, with the PIN method the most popular. Consequently, Near Field Communication (NFC), Push Button, and USB are less documented and arguable less understood by users. This research describes in detail the methods and their vulnerabilities, and uses controlled experiments to test the security vulnerabilities of WPS authentication and how they can be exploited. The research suggests that a multi-faceted approach to mitigation and elimination of the vulnerabilities of WPS is warranted. Such an approach includes: education for end-users in the vulnerabilities and what precautions they should use to mitigate these; improvement in lockout policy implementation by vendors; and for the Wi-Fi Alliance to consider review of the vendor certification regarding lockout policy during attack detection. The balance between ease of use and security is a common problem, however the breaches in security in a medical environment can have many detrimental impacts for the healthcare provider organisation as well as for the patient including potential impact on patient safety and the reputation of the medical institution.