The Hazards of Using Public WiFi Access Points

Editor’s note: I’m excited to share a cool new security site with you. Pulitzer prize winning journalist,  Byron Acohido, has launched a fresh site dedicated to keeping consumers and businesses informed about emerging information security (infosec) and privacy issues.

I first met Byron while he was doing a USA Today story on Java’s security risk, and I’m excited to see him and his team focus full time on infosec. Go check out the new site, Third Certainty, and sign up for the free weekly newsletter for regular updates.

Meanwhile, I recently did an interview with him about the dangers of public WiFi. Check out the article, in full, below. — Corey Nachreiner, CISSP (@SecAdept)


The hazards of using public WiFi access points

By Byron Acohido, ThirdCertainty

[vimeo http://player.vimeo.com/video/119276811 w=500&h=280]

Free WiFi access points (APs) are a great convenience for consumers and can be a productivity booster for business travelers. But they also present ripe opportunities for hackers. ThirdCertainty asked Corey Nachreiner, WatchGuard Technologies’ director of security strategy, to outline this exposure.

3C: What risks do consumers and business travelers take when using WiFi services in public venues such as airports, hotels and coffee shops?

Nachreiner: The exposure is potentially huge. It’s natural for people to congregate and wait in places like airports and hotels and use public WiFi access. So these are ideal locations for attackers to set up faked WiFi APs.

This is possible because SSIDs (wireless networks) used in these locations are widely trusted; names like AT&T Wi-Fi, XFINITY WiFi, Boingo Wi-Fi and Free WiFi. And, it is easy for an attacker to broadcast a faked AP using these familiar names to entice victims to connect via the attacker’s AP. Furthermore, if your computer has connected to the legit access point in the past, it may automatically connect to the faked one.

Best practices: 4 steps to using public-access WiFi safely

3C: So if I connect to the Internet via a faked WiFi connection do I still get on the web?

Nachreiner: Yes, but now the attacker can see what you’re doing, infect your computer and set up man-in-the-middle attacks that can steal your account credentials and work files.

3C: Does part of this have to do with the venues – the hotels and book shops – not bothering to lock down the free WiFi access?

Nachreiner: Yes. Eighty percent hospitality WiFi networks don’t require a unique password, and 50 percent do not secure or monitor their networks. I can share many stories about how easy it is to set up a faked AP in public areas and watch people join.

3C: This exposure has been out there since WiFi started going public more than a decade ago. So how intensively have the bad guys been exploiting this?

Nachreiner: Bad guys are definitely exploiting this. I’m a fairly regular business traveler. I’ve found suspicious and very likely malicious APs on two out of 10 trips. l’ve been on hotel networks where my security tools show other guests on the network trying to connect to my shares.

Whether they were just curious guests or malicious attackers is hard to say. But hotel networks are the perfect place for attackers to find victims.

3C: Right, that’s what happened in the so-called DarkHotel attack.

Nachreiner: Exactly, one of our partners, Kaspersky, discovered attackers targeting the third party WiFi vendor of a specific hotel. They were seeking intelligence on certain guests they knew would be staying at the hotel. They used the compromised wireless network to infect the computers of their targeted victims.

This was a very sophisticated attack and not the norm. That said, it’s more common to find basic criminals putting up faked hotel network connections to steal information from guests opportunistically.

3C’s  newsletter:Free subscription to fresh analysis of emerging exposures

More on emerging best practices

3 steps for figuring out if your business is secure

5 steps to secure cyrtography keys, digital certificates

6 steps for stopping hacks via a contractor or supplier

About Corey Nachreiner

Corey Nachreiner has been with WatchGuard since 1999 and has since written more than a thousand concise security alerts and easily-understood educational articles for WatchGuard users. His security training videos have generated hundreds of letters of praise from thankful customers and accumulated more than 100,000 views on YouTube and Google Video. A Certified Information Systems Security Professional (CISSP), Corey speaks internationally and is often quoted by other online sources, including C|NET, eWeek, and Slashdot. Corey enjoys "modding" any technical gizmo he can get his hands on, and considers himself a hacker in the old sense of the word.

No comments yet... Be the first to leave a reply!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: