Is Wi-Fi Direct Safe for Enterprise Use?
The Wi-Fi Alliance positions Wi-Fi Direct as “a game-changing new technology enabling Wi-Fi devices to connect…to one another without joining a traditional home, office or hotspot network.” While Wi-Fi Direct has several benefits, especially for consumer devices, it may introduce unforeseen security threats when used in an enterprise setting.
Wi-Fi Direct is a peer-to-peer (P2P) connection technology. When Wi-Fi Direct is enabled on a client device, other Wi-Fi client devices are invited to connect to the Wi-Fi Direct device as if it were an infrastructure endpoint such as an access point (AP). The devices that connect to a Wi-Fi Direct device do not have to support Wi-Fi Direct and may not be aware that they are connecting to another client instead of an AP.
The Wi-Fi Alliance promotes the fact that all Wi-Fi Direct connections are protected by WPA2. There are two versions of WPA2, Personal and Enterprise. Both use a strong encryption method called AES-CCMP to scramble all data transmitted over the air. The difference is on the authentication side. WPA2-Enterprise uses IEEE 802.1X, which offers enterprise-grade authentication. WPA2-Personal uses pre-shared keys and is designed for homes, not enterprises. WPA2-Personal must be configured on each client device for which Wi-Fi Direct can be enabled. Requiring users to configure Wi-Fi Direct security on "personal" devices may prove challenging, especially if the devices are used at home without strong security.
Even when WPA2-Personal is configured for Wi-Fi Direct, that security is not as strong as the WPA2-Enterprise used to protect an enterprise network such as a hospital's Wi-Fi network. In an October 2010 blog post, wireless engineer Andrew vonNagy explains that, using Wi-Fi Direct, a device “can simultaneously be connected to the infrastructure as a client as well as establish a Wi-Fi Direct group session with one or many other group members, then allow those group members to access resources in the infrastructure.” Such a scheme may be fine in an enterprise if all group members are authorized to be on the enterprise network. But what if an untrusted person joins the Wi-Fi Direct group?
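One way to look for this situation during a wireless site survey, as an added example that is not part of the original post: Wi-Fi Direct group owners advertise an SSID beginning with "DIRECT-", so scan results can be filtered for that prefix and the matches compared against the inventory of managed clients. The scan rows, inventory, host names and function names are constructed for illustration, and matching a BSSID to a managed MAC by clearing the locally administered bit is an assumed heuristic that holds for many, but not all, implementations.

```python
# Added example: flag Wi-Fi Direct groups in site-survey results and tie
# them to managed clients that may be bridging into the enterprise WLAN.
P2P_PREFIX = "DIRECT-"    # SSID prefix advertised by Wi-Fi Direct group owners
LOCAL_BIT = 0x02 << 40    # locally administered bit of a 48-bit MAC address

# Constructed sample scan rows (SSID, BSSID, security); not real survey data.
SAMPLE_SCAN = [
    ("CorpNet", "00:11:22:33:44:55", "WPA2-Enterprise"),
    ("DIRECT-a7-Printer", "02:1a:2b:3c:4d:5e", "WPA2-Personal"),
    ("DIRECT-Xq-Laptop", "7a:de:ad:be:ef:01", "WPA2-Personal"),
    ("GuestWiFi", "00:11:22:33:44:66", "WPA2-Personal"),
]
# Constructed inventory: MACs of managed clients on the enterprise WLAN.
MANAGED_CLIENTS = {"00:1a:2b:3c:4d:5e": "nurse-station-12"}


def mac_to_int(mac):
    """Convert aa:bb:cc:dd:ee:ff (or dash-separated) to an integer."""
    return int(mac.replace(":", "").replace("-", ""), 16)


def managed_owner(bssid, inventory):
    """Return the managed host behind a group BSSID, or None.

    Assumed heuristic: the group interface address is the device MAC,
    either unchanged or with the locally administered bit set.
    """
    raw = mac_to_int(bssid)
    for mac, host in inventory.items():
        if mac_to_int(mac) in (raw, raw & ~LOCAL_BIT):
            return host
    return None


def find_p2p_groups(scan, inventory):
    """List Wi-Fi Direct groups; 'high' when a managed client hosts one."""
    findings = []
    for ssid, bssid, security in scan:
        if not ssid.startswith(P2P_PREFIX):
            continue
        host = managed_owner(bssid, inventory)
        findings.append({"ssid": ssid, "bssid": bssid, "security": security,
                         "managed_host": host,
                         "severity": "high" if host else "review"})
    return findings


if __name__ == "__main__":
    for finding in find_p2p_groups(SAMPLE_SCAN, MANAGED_CLIENTS):
        print(finding)
```

A "high" finding means a device that is also an authenticated enterprise client is hosting a WPA2-Personal group, which is the simultaneous-connection case vonNagy describes; a "review" finding is a group whose owner is not in the inventory.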
To learn more about the concerns raised by the use of Wi-Fi Direct in enterprises such as hospitals, read the post on the Summit for Medical blog.