Security Experts:

Connect with us

Hi, what are you looking for?


Mobile & Wireless

NSA Shares Guidance for Government Employees on Securing Wireless Devices in Public

The National Security Agency (NSA) has published a new document to provide a series of recommendations on how governmental agencies in the United States can mitigate the cybersecurity risks associated with the use of wireless devices in public settings.

The National Security Agency (NSA) has published a new document to provide a series of recommendations on how governmental agencies in the United States can mitigate the cybersecurity risks associated with the use of wireless devices in public settings.

Given the wide adoption of telework due to the COVID-19 pandemic, both businesses and end users need to ensure increased protection of personal and corporate data, especially in public settings. The NSA points out that securing devices for the use of public Wi-Fi hotspots is not enough, as their Bluetooth and Near Field Communications (NFC) functions require similar attention as well.

“To ensure data, devices, and login credentials remain secure and uncompromised, cybersecurity is a crucial priority for users and businesses. This includes identifying higher-risk public networks and implementing security best practices while in public settings, whether connecting laptops, tablets, mobile phones, wearable accessories, or other devices with the ability to connect to the internet,” the NSA says.

The guidance is aimed at National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) users, but it can also be useful to the general public. The agency’s infosheet recommends a series of best practices for securing wireless devices when they are used in public places.

Connecting to public Wi-Fi networks is not recommended, as this may expose devices to various attacks. When such connections are necessary, however, the use of a virtual private network (VPN) to encrypt the traffic is recommended, along with secure browsing methods, to ensure data is protected from Wi-Fi snooping.

Bluetooth, the NSA notes, may be convenient for transmitting data between devices within short distances, but could pose a risk in public settings, where attackers may abuse the technology to access information about targeted devices or “send, collect, or manipulate data and services on the device” by leveraging various Bluetooth compromise techniques.

[Also read: One Year Later, Over 2 Billion Devices Still Exposed to BlueBorne Attacks]

NFC, which is used for various applications such as contactless payments and close device-to-device data transfers, could also be abused for malicious attacks, albeit the NFC range limitations minimize opportunities to exploit vulnerabilities in the protocol. Even so, the NSA recommends that users disable the function when it is not in use.

The agency also recommends keeping device operating systems and other software updated at all times, using security applications, using multi-factor authentication whenever possible, rebooting mobile devices after using public Wi-Fi, enabling firewalls on laptops, configuring Web-Proxy Autodiscovery Protocol (WPAD) for corporate proxies, and disabling Link-Local Multicast Name Resolution (LLMNR) and Netbios Name Service (NBT-NS), where applicable.

Should connecting to a public Wi-Fi network be necessary, the NSA recommends connecting to secured Wi-Fi hotspots only, and only if the network uses WPA2-encryption at a minimum. Moreover, users are advised to delete the Wi-Fi network from the device after disconnecting from it, erase any other unused Wi-Fi networks from the device, and limit browsing to the necessary websites and accounts.

Furthermore, users are advised to periodically monitor Bluetooth connections, disable the function when it is not in use, disable discovery mode if not needed when Bluetooth is active, and be selective of the applications that are allowed to use Bluetooth.

“Users should consider additional security measures, including limiting/disabling device location features, using strong device passwords, and only using trusted device accessories, such as original charging cords,” the NSA also says.

Jake Williams, co-founder and CTO at incident response firm BreachQuest, commented, “While people should be generally cautious when connecting to public WiFi, advising them never to use public WiFi is not realistic for most. With the rise of ubiquitous encryption, particularly the use of HTTPS, the risks of using public WiFi today are a fraction of what they were even a few years ago.”

“Security practitioners should also be communicating the relative risks of using public WiFi with a laptop versus a cellphone or tablet. Laptops frequently use technologies, such as LLMNR, that make using public WiFi significantly more risky. Cell phones and tablets on the other hand typically do not use such technologies,” Williams added.

Related: NSA Issues Guidance on Securing IT-OT Connectivity

Related: NSA Publishes Guidance on Adoption of Zero Trust Security

Related: NSA, DHS Issue Guidance on Protective DNS

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

The February 2023 security updates for Android patch 40 vulnerabilities, including multiple high-severity escalation of privilege bugs.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

South Dakota Gov. Kristi Noem says her personal cell phone was hacked and linked it to the release of documents by the January 6...


Pig Butchering, also known as Sha Zhu Pan and CryptoRom, is an ugly name for an ugly scam.