You sit down at your local coffee shop and fire up the WiFi. Everything seems to work just fine.
The network name is the same; all of your pages load just fine — there’s no real indication that anything whatsoever is amiss. You browse around a bit, without giving the router a second thought.
Alas, you never actually connected to the coffee shop’s WiFi at all.
You’ve instead connected to a router built to look and work just like the one you wanted… with one big difference: this router is silently gobbling up all of the private data you’re piping through it — the credit card numbers, the social security numbers, the trade secrets — and sending it off to be perused and mined by who-on-earth knows.
This may sound like Mission Impossible “It’ll never happen to me!” type stuff, but it’s a growing problem. In the last few years, specialized hardware built to clone and conquer in-place, legitimate WiFi routers has plummeted down to the $50-$100 range.
And the problem hardly ends with WiFi. A number of easily obtainable boxes exist to clone and overpower in-place cellular towers. While your phone is connected to one of these towers, any texts or calls you make are handed right over to your attacker.
Spookier yet, some of these fake towers can command your phone to change its internal data routing (APN) settings, ensuring that it continues piping your private data to the attacker even once you’ve left the area.
It’s a complicated problem — but it’s one that CoroNet, a company competing in the TechCrunch Disrupt NY Startup Battlefield, aims to fix.
CoroNet Connect analyzes 300+ characteristics about the WiFi/Cellular networks around you and attempts to flag and block the bad ones.
While the company is keeping many of the characteristics they look for under wraps to keep their algorithms tricky, they did list a few of the more basic/obvious examples:
- If it detects two routers with the same details and Router A is deliberately overpowering Router B and forcing its devices to disconnect, it’s a good sign that Router A is malicious.
- If a network you regularly connect to suddenly picks up a new hop right at the beginning of its packet route, someone might be overpowering your router but funneling the data back through it to avoid raising suspicions.
- Imagine someone going after a corporate target by sitting next to them in an airport lounge and spoofing the network that their laptop automatically connects to at work. The laptop doesn’t care that you’re nowhere near your work — it just sees a network it knows is approved, and connects. CoroNet can grab your GPS coordinates and automatically work out that your work network shouldn’t be anywhere near that airport lounge, and block it accordingly.
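The three checks above are simple enough to sketch in code. The following is an added illustration, not CoroNet's code (the company keeps its real characteristics private); it applies the same three heuristics to constructed WiFi scan records: duplicate-SSID overpowering with deauthentication frames, a changed first hop on a known network's route, and a known network seen far from where it was first learned. The thresholds (15 dB signal gap, 5 km radius), the BSSIDs, IPs and coordinates are all assumptions for the demo.

```python
"""Rogue access point heuristics (added example, not CoroNet's code)."""
from dataclasses import dataclass
from math import radians, sin, cos, asin, sqrt
from typing import Dict, List, Tuple


@dataclass
class AccessPoint:
    ssid: str
    bssid: str
    rssi_dbm: int
    deauth_frames: int = 0  # deauth frames seen from this BSSID during the scan window


@dataclass
class KnownNetwork:
    ssid: str
    bssid: str
    home_location: Tuple[float, float]  # (lat, lon) where the network was first learned
    first_hop: str                      # first-hop router IP recorded on a trusted day


def haversine_km(a: Tuple[float, float], b: Tuple[float, float]) -> float:
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1 = map(radians, a)
    lat2, lon2 = map(radians, b)
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def detect_evil_twin(scan: List[AccessPoint], rssi_gap_db: int = 15) -> List[str]:
    """Flag APs that share an SSID with a weaker AP and send deauth frames (heuristic 1)."""
    by_ssid: Dict[str, List[AccessPoint]] = {}
    for ap in scan:
        by_ssid.setdefault(ap.ssid, []).append(ap)
    flagged = []
    for aps in by_ssid.values():
        if len(aps) < 2:
            continue
        weakest = min(aps, key=lambda a: a.rssi_dbm)
        for ap in aps:
            if ap is weakest:
                continue
            if ap.rssi_dbm - weakest.rssi_dbm >= rssi_gap_db and ap.deauth_frames > 0:
                flagged.append(ap.bssid)
    return flagged


def detect_route_change(known: KnownNetwork, observed_route: List[str]) -> bool:
    """True if the first hop differs from the one recorded for this network (heuristic 2)."""
    return not observed_route or observed_route[0] != known.first_hop


def detect_location_mismatch(known: KnownNetwork, here: Tuple[float, float],
                             max_km: float = 5.0) -> bool:
    """True if a known network shows up far from where it was learned (heuristic 3)."""
    return haversine_km(known.home_location, here) > max_km


def evaluate(scan: List[AccessPoint], known: Dict[str, KnownNetwork],
             here: Tuple[float, float], routes: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Return, per BSSID, the list of reasons it would be blocked (empty = allowed)."""
    twins = set(detect_evil_twin(scan))
    verdicts: Dict[str, List[str]] = {}
    for ap in scan:
        reasons = []
        if ap.bssid in twins:
            reasons.append("evil-twin")
        kn = known.get(ap.ssid)
        if kn is not None:
            if detect_location_mismatch(kn, here):
                reasons.append("location-mismatch")
            route = routes.get(ap.bssid)
            if route is not None and detect_route_change(kn, route):
                reasons.append("new-first-hop")
        verdicts[ap.bssid] = reasons
    return verdicts


# Constructed sample data: one trusted office network plus a scan containing
# the real office AP, a louder impostor advertising the same SSID, and a cafe AP.
OFFICE = (40.7128, -74.0060)   # assumed office coordinates
AIRPORT = (40.6413, -73.7781)  # assumed airport-lounge coordinates, ~21 km away
KNOWN = {"CorpWiFi": KnownNetwork("CorpWiFi", "aa:bb:cc:00:00:01", OFFICE, "10.0.0.1")}
SCAN = [
    AccessPoint("CorpWiFi", "aa:bb:cc:00:00:01", rssi_dbm=-70),
    AccessPoint("CorpWiFi", "de:ad:be:ef:00:01", rssi_dbm=-40, deauth_frames=12),
    AccessPoint("CafeGuest", "11:22:33:44:55:66", rssi_dbm=-55),
]
ROUTES = {
    "aa:bb:cc:00:00:01": ["10.0.0.1", "192.0.2.1"],
    "de:ad:be:ef:00:01": ["192.168.4.1", "10.0.0.1", "192.0.2.1"],  # extra hop in front
}

if __name__ == "__main__":
    for where, name in ((OFFICE, "at the office"), (AIRPORT, "at the airport")):
        print(name, evaluate(SCAN, KNOWN, where, ROUTES))
```

At the office the impostor is blocked for the evil-twin and new-first-hop reasons while the real AP passes; at the airport both CorpWiFi APs are additionally blocked for location, which is the behaviour the lounge scenario calls for. Real deployments need more care than this: multi-AP corporate networks legitimately show large signal gaps, seeing deauth frames requires a radio in monitor mode, and routes change for innocent reasons, so each signal is evidence to weigh rather than a verdict on its own.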
They’ve got it up and working on most of the major platforms, with support for iOS (without jailbreak), Android, and Windows. OS X support, meanwhile, is said to be in the works.
With that in mind, how do you get it? Well, you don’t — not unless you’ve got a fleet of devices under your administration, at least. CoroNet is currently focusing strictly on enterprise, with hopes of helping Fortune 500 companies secure their employee devices.
CoroNet is being built by a team of 13, founded by four gents out of Israel: Dror Liwer, Doron Milchtaich, Carmel Domshlak, and Guy Moskowitz.
As the attack vectors change, how do you update the detection?
There’s no silver bullet. Our technology is looking for anomalies, whether they’re new anomalies or known, and we have labs that are constantly searching for new attack vectors.
Do you send data back to a central hub for machine learning of new threats?
In terms of customer acquisition: is that to acquire enterprise customers, or consumer customers?
We’re focusing on enterprise right now; we do not intend to sell direct to consumer.
What’s the battery impact?
About 1% per day.
What happens when a bad network is flagged? Is it blocked, and can the user unblock it?
There are two modes, depending on the user’s role/position in the system. In the “executive” role, you can unblock connections as desired.