Enterprise Wi-Fi: we need devices that are secure by default

posted Sep 5, 2018, 4:35 AM by Eric Medvet   [ updated Sep 5, 2018, 8:44 AM ]
  • Communications of the ACM (CACM), 2018, to appear
  • Alberto Bartoli, Eric Medvet, Andrea De Lorenzo, Fabiano Tarlao
Wireless networks have become an essential component of virtually every enterprise. The security technology for these networks (WPA2 Enterprise) has been designed for a world that is very different from today’s world. Basic assumptions for secure deployment of the technology are now violated systematically. As a result, Wi-Fi enabled personal devices are typically at risk of leaking single sign-on enterprise credentials everywhere and without any need of explicit action from their owners. It is necessary to emphasize this pervasive yet largely underestimated risk.