Public wireless access points - the world at your fingertips or risky business
Week 17, 2007
Introduction
Imagine a person with malicious intent sitting in a cafe drinking her cappuccino, pretending to surf the Internet; while what she actually does is harvesting user names and passwords from her fellow guests.
A no-sense scenario, or an easy-to-set-up scheme? Unfortunately the latter, as will be discussed below.
The wonderful world of Internet access from everywhere
As we are getting more and more interwined to the Internet we are obviously more dependent on being able to access the net in any situation. To meet this need, wireless zones are set up in public areas like e.g. airports, restaurants, coffee shops and cafés. These access points enable us to perform all kinds of tasks using portable devices like an advanced mobile phone or a laptop computer:
- Surfing news pages
- Performing personal bank transactions
- Reading and writing emails
- Chatting with friends and co-workers
- Logging into the corporate networks to do some last-minute work that was not possible to finish during normal working hours
- Checking credit card balances
The only thing you have to do to get this wonderful world literally by your fingertips, is to connect through the access point that is provided by e.g. the coffee shop you are visiting.
Introducing "the evil woman"
So there you are, happily connected to the Internet using the free access point provided by your friendly coffee shop owner, and performing all kinds of stuff that you feel like doing.
What you do not realize is that you are not connected to the coffee shops access point at all. Close to you there is an innocent-looking woman using her own laptop to surf the Internet (presumably). What she does, however, is monitoring her own access point that she has set up with the intent of tricking her fellow coffee drinkers (you!) to connect to the Internet through her connection.
The access point technology works in such a way that the access points with the stronges signal is preferred, and by being "in the middle of the crowd", our woman's device will often be exactly that. So while you believe that you are connected to the Internet through the coffee shop's "trusted" access point, in reality you are connected through a device that has software running which monitors your entire communication. Of course her criminal mind is clever enough to name her access point in such a way that it would be mistaken to be the coffeee shop's access point.
Setting up such a rogue hotspot is
- cheap (minor investments needed in hardware, software is freely available on the Internet)
- relatively riskless as she leaves "the crime scene" when enough juicy information is harvested, and it is difficult to spot the culprit
- much more efficient that e.g. traditional phishing attacks that relies on a tiny fraction of a huge number of persons to be gullible and "bite".
Mitigating factors - or...
Fortunately most web sites that engage in critical information exchange use encrypted communication, or other security techniques, which make it not so easy to get the necessary credentials to conduct a crime. Access to corporate networks is often (or at least should be) through a virtual private network technology (VPN), which also strengthens the security considerable.
However, the fact remains that lots of public access point are not free, but require some kind of payment to subscribe to. A second line of attack may therefore be to set up a phishing web site, which harvests credit card credentials given to obtain access. This can be done in a minutes. The evil woman always has a fall-back solution available to her...
