meshDETECT, Secure Prison Cell Phone Solutions ™

The Risks Of WiFi Deployment In Prisons

With Global Tel*Link all but announcing at the recent Corrections Technology Association Annual Meeting its intention to offer mobile services in prisons, now may be the time for prison administrators who see the potential benefits of a secure prison cell phone solution to consider the best technology architecture for such deployments.

There are essentially two ways to provision wireless personal communication devices, such as prisoner tablets, in a prison environment. In its presentation, Global Tel*Link stated that it has chosen to deploy service using WiFi to provide wireless connectivity. We think there are some significant operational challenges and, more importantly, serious security risks in this approach.

Security Risks

There are two main security risks, as highlighted by the recent news articles below. The first is the potential for intentional hacking of the system, either internally by tech-savvy prisoners, or externally by those determined to defeat the WiFi security controls in order to gain or grant unfettered access to Global Tel*Link services, connected prison systems (commissary and trust accounts, etc.) or the unfiltered internet. A very real challenge with the decision to deploy a prison WiFi network is external hackers “wardriving” the system from outside the prison facility in order to accomplish this.

The second risk is the unintentional granting of access to the internet due to incompetence, human error and service misconfiguration.

In either case, the deployment of a local access wireless network via WiFi means that a single security breach, password hack or incompetent admin may result in unsecured and unmonitored access to internal prison systems and the outside world for all devices on the network.

In contrast, meshDETECT uses the traditional telco mobile network to provide secure voice and media services. Any breach, should it occur, is limited to a single device. If a device is hacked, a risk Global Tel*Link will also have to manage, one detainee may benefit; but no one can hack AT&T, Verizon, etc. in such a way as to give all the meshDETECT mobile devices deployed in a prison unfettered access to the internet, or unmonitored calls to harass outside parties and plan crimes.

Technology choices in the deployment of a secure prison mobile access network service must focus on security, not profitability.

Operational Challenges

Now let's look at the operational challenges associated with deploying WiFi within a prison facility:

  • Low powered – the maximum output of hand-held devices is normally 0.4 Watt.
  • Signal can suffer interference from other devices such as two-way radios used by staff.
  • Best when there is line of sight between transponders.
  • Does not penetrate solid mass – concrete, brick, metal – the less porous the material the shorter the range and the slower the speed. Prison construction is high density blocks and cell doors are often clad in metal with metal surrounds.
  • Tinted / reflective glass contains metal fragments, resulting in a drop in signal strength.
  • Security fencing can act as a Faraday cage and ground the signal.

It is clear that achieving adequate WiFi signal coverage and application data throughput at a reasonable cost of installation is a challenge in this unique environment. Ongoing equipment maintenance expense as well as repair cost due to vandalism must also be considered when looking at the total cost of this approach.

In contrast, as evidenced by the high number of contraband devices and continued use of smuggled cell phones in jails and prisons globally, cellular signal strength and coverage are typically more than adequate, with no onsite equipment required. Additionally, 4G LTE (and soon 5G) cellular may be much faster than a WiFi network with an undersized or overburdened connection to the Internet (designed for coverage versus designed for capacity).

Real World Examples

WiFi vulnerability may leave millions of devices open to ‘frag attacks’

A security researcher known for pointing out faults in WiFi security has discovered another vulnerability. The newly unearthed flaws, known as “frag attacks,” are believed to be widespread as they stem from the WiFi standard, with some bugs dating back to 1997. Several additional vulnerabilities are caused by programming mistakes in WiFi products and affect every WiFi device, Belgian security researcher Mathy Vanhoef wrote on his blog.

Theoretically, if exploited, the vulnerabilities would allow an attacker within radio range to steal user information or attack devices. But, the chances of the flaws being abused should be low as the attacks require user interaction or uncommon network settings.

Breaking down how they work, Vanhoef explained that several of the flaws can be abused to “easily inject” plaintext frames into a protected Wi-Fi network, along with certain devices accepting “plaintext aggregated frames that look like handshake messages.” This can be used to intercept traffic by tricking the victim into using a malicious DNS server, the researcher noted. In experiments, Vanhoef found that two out of four tested home routers were affected by this vulnerability, along with several IoT devices and some smartphones.

Other vulnerabilities are linked to the process by which the WiFi standard breaks and then reassembles network packets, allowing an attacker to siphon data by injecting their own malicious code during this operation.


A Flaw in Billions of Wi-Fi Chips Let Attackers Decrypt Data

Billions of devices—many of them already patched—are affected by a Wi-Fi vulnerability that allows nearby attackers to decrypt sensitive data sent over the air, researchers said on Wednesday at the RSA security conference. Affected devices include iPhones, iPads, Macs, Amazon Echos and Kindles, Android devices, and various Wi-Fi routers.

The vulnerability exists in Wi-Fi chips made by Cypress Semiconductor and Broadcom, the latter a chipmaker Cypress acquired in 2016. The affected devices include iPhones, iPads, Macs, Amazon Echos and Kindles, Android devices, and Wi-Fi routers from Asus and Huawei, as well as the Raspberry Pi 3. Eset, the security company that discovered the vulnerability, said the flaw primarily affects Cypress’ and Broadcom’s FullMAC WLAN chips, which are used in billions of devices. Eset has named the vulnerability Kr00k, and it is tracked as CVE-2019-15126.

Manufacturers have made patches available for most or all of the affected devices, but it’s not clear how many devices have installed the patches. Of greatest concern are vulnerable wireless routers, which often go unpatched indefinitely.


Serious flaws leave WPA3 vulnerable to hacks that steal Wi-Fi passwords

The next-generation Wi-Fi Protected Access protocol released 15 months ago was once hailed by key architects as resistant to most types of password-theft attacks that threatened its predecessors. On Wednesday, researchers disclosed several serious design flaws in WPA3 that shattered that myth and raised troubling new questions about the future of wireless security, particularly among low-cost Internet-of-things devices.

Every Wi-Fi network at risk of unprecedented ‘Krack’ hacking attack

Every Wi-Fi connection is potentially vulnerable to an unprecedented security flaw that allows hackers to snoop on internet traffic, researchers have revealed.

The vulnerability is the first to be found in the modern encryption techniques that have been used to secure Wi-Fi networks for the last 14 years.

In theory, it allows an attacker within range of a Wi-Fi network to inject computer viruses into internet networks, and read communications like passwords, credit card numbers and photos sent over the internet.

The so-called “Krack” attack has been described as a “fundamental flaw” in wireless security techniques by experts. Apple, Android and Windows software are all susceptible to some version of the vulnerability, which is not fixed by changing Wi-Fi passwords.

“It seems to affect all Wi-Fi networks, it’s a fundamental flaw in the underlying protocol, even if you’ve done everything right [your security] is broken,” said Alan Woodward of the University of Surrey’s Centre for Cyber Security.


Wi-Fi software security bug could leave Android, Windows, Linux open to attack

In an e-mail today to the Open Source Software Security (oss-security) mailing list, the maintainer of wireless network client code used by Android, the Linux and BSD Unix operating systems, and Windows Wi-Fi device drivers sent an urgent fix to a flaw that could allow attackers to crash devices or even potentially inject malicious software into their memory. The flaw could allow these sorts of attacks via a malicious wireless peer-to-peer network name.

The end result is that an attacker could corrupt information in memory, causing wpa_supplicant and Wi-Fi service to crash; a crafted SSID could essentially be used as a denial-of-service attack on affected devices simply by sending out responses to Wi-Fi probe requests or P2P network Public Action messages. But it could also expose memory contents during the three-way handshake of a peer-to-peer network negotiation (the GO negotiation) or potentially allow for the attacker to execute code on the target.


Military Cuts Guantanamo Bay WiFi After Alleged Threat by Anonymous

The Guantanamo Bay detention camp is losing all access to wireless internet and social networks due to hacking threats.

U.S. military officials have blocked access to wireless internet and social networks like Facebook and Twitter at Guantanamo Bay because they fear that international hacking group Anonymous will launch an attack to disrupt services at the naval base.

Anonymous launched a global online protest to mark the 100th day of the hunger strike by Guantanamo Bay prisoners. The detainees have been protesting their living conditions and indefinite detention at the base.

The U.S. military said it has been receiving online hacking threats amid the hunger strike, which were allegedly from Anonymous.


Prisoners Accessed Internet Through Faulty Computer Kiosks

Prisoners in privately run Mt Eden Corrections Facility were able to access the internet through faulty computer kiosks, a security review of public sector computer systems has found.

The security breach was one of 12 “weak points” identified in Government Chief Information Officer Colin McDonald’s review of the security of 215 publicly accessible state sector agency IT systems released this morning.

Serco, the company which operates Mt Eden, said that on November 26 last year, “an administrative error made it possible to open a web browser session” on kiosks provided to prisoners to allow them to “take responsibility for organizing their day-to-day lives and helps to develop literacy and numeracy skills”.

Serco’s Director of Operations Scott McNairn said the error “allowed for limited access to the internet, policed by a web filter which blocked access to inappropriate sites”.

“No email, social media or adult sites were accessed.”

The internet access was “limited” and “at no time was it possible to access any other systems or information”.

Serco has not said how long prisoners were able to access the internet for.

Mr McNairn said the company had improved security for the kiosks and was “confident” that the likelihood of further problems was “extremely low”.


Jailed Hacker Hacks Prison Network

It’s almost comical, but an incarcerated hacker has hacked into his prison’s computer network.

According to Naked Security (Sophos), Nicholas Webber, who operated the GhostMarket.Net cybercrime website, signed up for the prison’s IT class. Webber, who was 18 at the time of his arrest for bank frauds and identity theft scams, apparently got onto the network but was unable to access personal information files.

The prison issued a statement to the Register: “At the time of this incident in 2011 the educational computer system at HMP Isis was a closed network. No access to personal information or wider access to the internet or other prison systems would have been possible.”

The incident, which occurred in 2011, only came to light because of a wrongful termination suit by the instructor leading the class.