Watch out for free Wi-Fi: government urges workers to avoid public networks
Cyber security experts have long warned of the dangers of the public internet in coffee shops, airports, hotel rooms, and the like. At conferences like Black Hat, where government officials are looking for new hires this week, exposing vulnerabilities in mobile devices is sort of a sporting event. Some attendees rejoice in revealing the contents of a visitor’s phone on a large screen for all to see. This is a clear reminder that connecting to a public Wi-Fi network, or activating Bluetooth connections, or even the ability to make a purchase by pressing a reader with a phone, is an invitation to view unencrypted data. by anyone.
And then there is the risk of being falsified. Without citing specific incidents, the NSA warning includes a warning that criminals or foreign intelligence agencies can set up open Wi-Fi systems that appear to be from a hotel or cafe. , but are actually “an evil twin, to mimic the public Wi-Fi expected nearby.” (When State Department officials negotiated the Iran nuclear deal in 2014 and 2015, many powers – from Iranians to Israelis – deployed such systems in hotels where negotiations were underway, officials warned. Americans at the time.)
The National Security Agency’s warning was not prompted by a recent increase in the number of criminals or nation-state adversaries using the public internet to steal information or organize hacks, officials said. Instead, it appears to be part of a dramatically accelerated effort by the U.S. government to raise awareness of a range of electronic vulnerabilities in recent months.
President Biden recently issued an executive order requiring software vendors that sell to the federal government to adhere to a series of cybersecurity standards. It also requires federal agencies to use two-factor authentication, in the same way that consumers receive a text message, with a code, from their bank before accessing their account.
Speaking at the Aspen Security Forum on Wednesday, Anne Neuberger, deputy national security adviser for cyber and emerging technologies, reiterated her frequent warning that the administration must make up for lost time by persuading the public and companies adopt protections that should have been in place years ago. She said a key part of the administration’s strategy was to “disrupt the ecosystem” that has made ransomware such a profitable business, and acknowledged that the state of US defenses and its resistance to attacks were still “Insufficient”.