[ale] Slightly OT - Verizon/McAfee scareware and testing Wireless Networks

Sun Jan 20 23:11:44 EST 2019

On 2019-01-20 17:33, Neal Rhodes via Ale wrote:
> So, I don't know what possessed me to turn on the Verizon supplied
> security app on my Samsung phone.   But, I did. 
> 
> And as soon as I walked into church, it lit up with a message about the
> wireless in the main hall, to wit:   "the security of this network has
> been compromised!"
> 
> and it double dares me to ignore it.  And it repeats.    Now, I'm not
> personally iinvolved in this network; I recall it's maybe a business
> Comcast router feeding some Cisco wireless routers.   Doesn't seem like
> hardware that would get compromised. 
> 
> Then I walk into the Sanctuary, and it switches wireless and complains
> again.   Now, the only wireless in the Sanctuary is a Linksys router
> which is connected to the Behringer X32 digital sound board.   It has NO
> connection to the internet at all, and only three devices know the
> password.  Those devices manage the sound.  uhhhh, how is it even
> possible this device/wireless has been compromised?
> 
> Naturally, the Verizon app, powered by McAfee, won't tell me any details
> about these alleged compromises, but it does offer to sell me their
> enhanced WiFi protection.    I have to suspect this is scareware.  
> 
> However, I'm wondering if there is some reasonably simple scan I can do
> with normal Android or Windows software to discern if there is any
> credence to this? 

I did a very rapid search for anyone complaining of the app coming up
with warnings like this.  Some of the complaints are on Verizon's
message boards where they say the app doesn't specifically figure out
how it's been compromised.  First thing I can think of is that the app
probes the network and determines whether you can connect to other
wireless devices on the same AP.  One of the possible AP configurations
for decent APs would be to isolate clients from each other so the app
may be sensitive to that as that could technically be a coffee-shop
attack vector.  The other thought is an AP using WEP or WPA instead of
WPA2 (ignoring KRACK).  Either way a lot of people seem to get the
message so it appears to be overly sensitive.