My view on Times of India article on WPA2 wireless security vulnerability; I plan to continue using JioFi 3 WiFi 4G Internet router for https sites

Thanks to Shri Deepak Bharwani for providing this article link: `Password-locked Wi-Fi prone to cyber attacks’ by Kim Arora, http://epaperbeta.timesofindia.com/Article.aspx?eid=31804&articlexml=Password-locked-Wi-Fi-prone-to-cyber-attacks-17102017001050, dated 17th Oct. 2017. Shri Bharwani provided the link in a comment on one of my previous Facebook posts on this matter.

The article quotes a cybersecurity expert as saying, “While you wait for an update, you can use your Wi-Fi in hidden mode. This doesn’t protect you completely , but is just an added security measure. Else, you could just use LAN for some time”.

Ravi: I was wondering about this. I think what he means is that one should change the WiFi router settings (via webadmin page) to NOT broadcast the SSID name. I did some browsing on the topic now. This article, Debunking Myths: Is Hiding Your Wireless SSID Really More Secure?, https://www.howtogeek.com/howto/28653/debunking-myths-is-hiding-your-wireless-ssid-really-more-secure/, dated 15th Aug. 2014 states that hidden SSID network names can be easily discovered using the right tools. In other words, a determined hacker can easily discover them. So I (Ravi) am not convinced about the suggestion of using Hidden SSID name for WiFi router to improve security.

However, I think that hidden SSID does have the feature of not letting non-hacker-type neighbours know that you are using a WiFi network. But it must be noted that it increases the effort involved in connecting to the hidden WiFi router (for the first time, I guess). I personally am not bothered by my neighbours seeing my WiFi router SSID (name) come up in their list of WiFi networks. They cannot connect to my WiFi router as it is password protected, unless they are extraordinarily lucky in guessing the password.

The Times of India (ToI) article quotes a Google spokesperson as saying in context of Android (WiFi) devices, “We’re aware of the issue, and we will be patching any affected devices in the coming weeks”. Note that JioFi 3 is an Android device. BTW I also saw in the webadmin info page of JioFi 3 router that the original manufacturer (or something like that) is Foxconn! So Reliance Jio may have got the manufacturing done by Foxconn, which is a Chinese company with factories in China and some other countries. Foxconn is well known as the key manufacturer of iPhones, at least in the past when Steve Jobs was boss of Apple.

The ToI article quotes a Microsoft spokesperson as saying, “We have released a security update to address this issue. Customers who apply the update, or have automatic updates enabled, will be protected. We continue to encourage customers to turn on automatic updates to help ensure they are protected”.

Ravi: I did a Check for Updates on my Windows 10 desktop PC, a little while back today. It reported that my system has the latest updates.

For my query to Jio about this matter (mentioned in earlier post) sent yesterday night (16th Oct. 2017, 9.37 PM), I received an automated message from Jio care then itself, that they will respond to it in the next 48 hours. I have not received any further message from them so far (it is around 1 PM now on 17th Oct. 2017).

I plan to continue to use https websites on my JioFi 3 WiFi 4G Internet router even though I am aware of the possible vulnerability in the JioFi WiFi router (Android device manufactured by Foxconn). I hope Jio/Foxconn/Google will provide a suitable update over the next few days that will fix this, now widely publicized, WPA WiFi security flaw that most probably affects the JioFi 3 Android WiFi 4G Internet router that I use.

This entry was posted in Misc. Bookmark the permalink.