The hazards of using public WiFi access points
By Byron Acohido, ThirdCertainty
Free WiFi access points (APs) are a great convenience for consumers and can be a productivity booster for business travelers. But they also present ripe opportunities for hackers. ThirdCertainty asked Corey Nachreiner, WatchGuard Technologies’ director of security strategy, to outline this exposure.
3C: What risks do consumers and business travelers take when using WiFi services in public venues such as airports, hotels and coffee shops?
Nachreiner: The exposure is potentially huge. It’s natural for people to congregate and wait in places like airports and hotels and use public WiFi access. So these are ideal locations for attackers to set up faked WiFi APs.
This is possible because SSIDs (wireless networks) used in these locations are widely trusted; names like AT&T Wi-Fi, XFINITY WiFi, Boingo Wi-Fi and Free WiFi. And, it is easy for an attacker to broadcast a faked AP using these familiar names to entice victims to connect via the attacker’s AP. Furthermore, if your computer has connected to the legit access point in the past, it may automatically connect to the faked one.
Best practices: 4 steps to using public-access WiFi safely
3C: So if I connect to the Internet via a faked WiFi connection do I still get on the web?
Nachreiner: Yes, but now the attacker can see what you’re doing, infect your computer and set up man-in-the-middle attacks that can steal your account credentials and work files.
3C: Does part of this have to do with the venues – the hotels and book shops – not bothering to lock down the free WiFi access?
Nachreiner: Yes. Eighty percent hospitality WiFi networks don’t require a unique password, and 50 percent do not secure or monitor their networks. I can share many stories about how easy it is to set up a faked AP in public areas and watch people join.
3C: This exposure has been out there since WiFi started going public more than a decade ago. So how intensively have the bad guys been exploiting this?
Nachreiner: Bad guys are definitely exploiting this. I’m a fairly regular business traveler. I’ve found suspicious and very likely malicious APs on two out of 10 trips. l’ve been on hotel networks where my security tools show other guests on the network trying to connect to my shares.
Whether they were just curious guests or malicious attackers is hard to say. But hotel networks are the perfect place for attackers to find victims.
3C: Right, that’s what happened in the so-called DarkHotel attack.
Nachreiner: Exactly, one of our partners, Kaspersky, discovered attackers targeting the third party WiFi vendor of a specific hotel. They were seeking intelligence on certain guests they knew would be staying at the hotel. They used the compromised wireless network to infect the computers of their targeted victims.
This was a very sophisticated attack and not the norm. That said, it’s more common to find basic criminals putting up faked hotel network connections to steal information from guests opportunistically.
3C’s newsletter: Free subscription to fresh analysis of emerging exposures
More on emerging best practices