The hazards of using public WiFi access points

By Byron Acohido, ThirdCertainty

Free WiFi access points (APs) are a great convenience for consumers and can be a productivity booster for business travelers. But they also present ripe opportunities for hackers. ThirdCertainty asked Corey Nachreiner, WatchGuard Technologies’ director of security strategy, to outline this exposure.

3C: What risks do consumers and business travelers take when using WiFi services in public venues such as airports, hotels and coffee shops?

Nachreiner: The exposure is potentially huge. It’s natural for people to congregate and wait in places like airports and hotels and use public WiFi access. So these are ideal locations for attackers to set up faked WiFi APs.

This is possible because SSIDs (wireless networks) used in these locations are widely trusted; names like AT&T Wi-Fi, XFINITY WiFi, Boingo Wi-Fi and Free WiFi. And, it is easy for an attacker to broadcast a faked AP using these familiar names to entice victims to connect via the attacker’s AP. Furthermore, if your computer has connected to the legit access point in the past, it may automatically connect to the faked one.

3C: So if I connect to the Internet via a faked WiFi connection do I still get on the web?

Nachreiner: Yes, but now the attacker can see what you’re doing, infect your computer and set up man-in-the-middle attacks that can steal your account credentials and work files.

3C: Does part of this have to do with the venues – the hotels and book shops – not bothering to lock down the free WiFi access?

Nachreiner: Yes. Eighty percent of hospitality WiFi networks don’t require a unique password, and 50 percent do not secure or monitor their networks. I can share many stories about how easy it is to set up a faked AP in public areas and watch people join.

3C: This exposure has been out there since WiFi started going public more than a decade ago. So how intensively have the bad guys been exploiting this?

Nachreiner: Bad guys are definitely exploiting this. I’m a fairly regular business traveler. I’ve found suspicious and very likely malicious APs on two out of 10 trips. I’ve been on hotel networks where my security tools show other guests on the network trying to connect to my shares.

Whether they were just curious guests or malicious attackers is hard to say. But hotel networks are the perfect place for attackers to find victims.

3C: Right, that’s what happened in the so-called DarkHotel attack.

Nachreiner: Exactly, one of our partners, Kaspersky, discovered attackers targeting the third-party WiFi vendor of a specific hotel. They were seeking intelligence on certain guests they knew would be staying at the hotel. They used the compromised wireless network to infect the computers of their targeted victims.

This was a very sophisticated attack and not the norm. That said, it’s more common to find basic criminals putting up faked hotel network connections to steal information from guests opportunistically.
