Wi-Fi Direct: Safe for Hospital Use?

The Wi-Fi® Alliance positions Wi-Fi Direct as “a game-changing new technology enabling Wi-Fi devices to connect…to one another without joining a traditional home, office or hotspot network.” While Wi-Fi Direct has several benefits, especially for consumer devices, it may introduce unforeseen security threats when used in a hospital.

What Is Wi-Fi Direct?

Wi-Fi Direct is a peer-to-peer (P2P) connection technology. When Wi-Fi Direct is enabled on a client device, other Wi-Fi client devices are invited to connect to the Wi-Fi Direct device as if it were an infrastructure endpoint such as an access point (AP). The devices that connect to a Wi-Fi Direct device do not have to support Wi-Fi Direct and may not be aware that they are connecting to another client instead of an AP.

The Wi-Fi Direct FAQs on the Wi-Fi Alliance Web site indicate that Wi-Fi Direct is likely to be used not just in homes but also in enterprise environments such as hospitals. “The technology behind the Wi-Fi Direct certification program will be important for enterprise environments, enabling applications such as file transfer, printing, and display in the absence of a suitable WLAN. We also expect that the specification will be used in enterprises to temporarily connect mobile data terminals and other portable devices for short-term tasks such as data transfer.”

WPA2-Personal

According to another Wi-Fi Alliance Web page, “all Wi-Fi Direct connections are protected by WPA2™, the latest Wi-Fi security technology.” There are two versions of WPA2, Personal and Enterprise. Both use a strong encryption method called AES-CCMP to scramble all data transmitted over the air. The difference is on the authentication side. WPA2-Enterprise uses IEEE 802.1X, which offers enterprise-grade authentication that is sufficient for HIPAA. WPA2-Personal uses pre-shared keys and is designed for homes, not hospitals.

Wi-Fi Direct security must be configured on each client device for which Wi-Fi Direct can be enabled. Configuring security on “personal” devices requires the cooperation of the device user. Users can be forced to configure Wi-Fi network security on their devices because, if they don’t, then they cannot gain access to the hospital Wi-Fi network. But forcing users to configure Wi-Fi Direct security may prove challenging, especially if the device is used at home without strong security.

A Bridge to the Hospital Network

Even when WPA2-Personal is configured for Wi-Fi Direct, that security is not as strong as the WPA2-Enterprise used to protect the hospital Wi-Fi network. In an October 2010 blog post, wireless engineer Andrew vonNagy explains that, using Wi-Fi Direct, a device “can simultaneously be connected to the infrastructure as a client as well as establish a Wi-Fi Direct group session with one or many other group members, then allow those group members to access resources in the infrastructure.”

Such a scheme may be fine in a hospital if all group members are authorized to be on the hospital network. But what if an untrusted person joins the Wi-Fi Direct group? Hackers exploit vulnerabilities. If a hacker is able to connect to a Wi-Fi Direct client that is on the hospital network, then the hacker has access to the hospital network.

Purdue University student Matt Jurek raises this concern in another October 2010 blog post. “…with Wi-Fi [D]irect you are able to connect simultaneously to both your network and a P2P device or Wi-Fi Direct. So if someone attacked your Wi-Fi Direct connection, couldn’t they then tunnel into your existing network through that connection that they have created?”

Wireless analyst Rob Enderle states in a ComputerWorld article that Wi-Fi Direct enables any computer to become an AP. “If you have had problems with rogue access, oh boy, watch out…. You may need to rethink your security procedures,” says Enderle.

Preventing the Bridge

In a Wi-Fi Planet article, Intel senior product manager Gary Martz says that the Wi-Fi Direct specification places a premium on security. “We developed Wi-Fi Direct to have separate security domains, so your wireless LAN connection is a separate security domain from your Wi-Fi Direct network,” says Martz. “And the corporate IT manager can manage that crossover—does he want to allow that crossover, or does he want to firewall it?”

When a client attempts to connect to the Wi-Fi infrastructure, the infrastructure can identify whether or not that client supports Wi-Fi Direct and choose to allow or disallow the connection. Identifying whether or not clients support Wi-Fi Direct likely may require an upgrade to AP or controller firmware.

An Ounce of Prevention…

Richard Kirk, European director of Fortify Software®, warns that keeping Wi-Fi Direct clients off the enterprise network is very important. Many of today’s Wi-Fi intrusion detection measures focus on APs, not on clients that can become APs. “Put simply, unless a portable device – such as an iPhone or smartphone – has got robust security on board, as well as applications that are secure against hacking, then an unauthorised person could establish a peer-to-peer connection directly,” says Kirk. “And if hackers can establish a peer-to-peer connection with a smartphone inside a company, they then have a foothold with which to gain unauthorised access to the company network from the other side of the firewall and security software,” he added.

Enterprise Efficiency Editor-in-Chief Matthew McKenzie sees no place for Wi-Fi Direct in an enterprise, at least for now. “First, if you work in enterprise IT, I suggest that you regard Wi-Fi Direct as a clear and present security threat until it proves itself otherwise. Quick, easy, instantaneous peer-to-peer connections among devices — printers, cameras, smartphones, tablets, and who knows what else — sounds like it will be very convenient… especially for people trying to move data they shouldn’t be touching to places it shouldn’t be going.”