Securing Open WiFi with OWE

Rowell Dionicio

Every day we are connecting to open unencrypted Wi-Fi networks. These are networks such as enterprise guest networks, coffee shops, airport Wi-Fi, public venues, and more.

Security is everyone’s responsibility, including the user. But with Wi-Fi connectivity we seem to connect willingly without a single thought. Unencrypted Wi-Fi networks leave a gap in security. It can be a point of entry for malicious intent.

Unencrypted, open Wi-Fi networks leave the traffic between a device and an access point exposed. It’s one layer of security often left untouched and forgotten, simply for ease of use.

There is now a way to improve the security posture of open Wi-Fi networks while still keeping them “open” and easy to use.

It’s called Opportunistic Wireless Encryption (OWE).

OWE provides a way for devices to connect to open Wi-Fi networks with an encrypted session. Traffic exchanged between the device and access point is encrypted, so a third party cannot simply snoop on the communications.

Inside technical look at OWE from https://rowelldionicio.com/identifying-owe-transition-mode-with-wireshark/

Why would OWE be needed?

Opportunistic Wireless Encryption (OWE) will bring security to open networks.

Users of enterprise guest networks can feel safer when browsing the web. Public spaces are less susceptible to sniffing since traffic is encrypted. Even the coffee shop can be safer. Remember the days of Firesheep? That Firefox browser extension allowed someone to hijack someone else’s Facebook, Amazon, and Twitter accounts. This was done over an open Wi-Fi connection.

We will see more support for OWE as newer access points are released by vendors. Currently, Cisco and Aruba support OWE with the latest version of firmware.

Many devices do not have support for it yet. The one device I’ve tested is the Samsung S10, which connected seamlessly to an OWE-capable network.

One thing to keep in mind: because the Wi-Fi network is open, OWE cannot verify that the access point you’re connecting to really belongs to the organization broadcasting the SSID. Open Wi-Fi networks still call for caution, but we can now begin encrypting our communications over them.

Ask your Wi-Fi vendor if they are serious about Wi-Fi security and when they will support Opportunistic Wireless Encryption.

If you want to see some technical details around OWE check out these links:
