The PRIVATE WiFi Blog

Search By Topic:

Popular Topics:



PRIVATE WiFi

The PRIVATE WiFi Blog

Resources | Jul 1st, 2011

How WiFi Hotspot Hacks Occur

Jared Howe

Imagine these scenarios:

  1. You are on vacation and you open your laptop in your hotel room. You log into the public WiFi network, and quickly agree to the Terms and Conditions (without reading them of course), and start to do your normal Internet activities. For just a second, you have a fleeting thought: “Is my computer at risk?” And then you begin your normal Internet activities and quickly forget all about it.
  2. You are waiting to catch your flight in an airport and, after grabbing a cup of coffee and opening your laptop, you see that there’s a “Free Public WiFi” network available. You login to your banking account to transfer funds. You have a vague sense that you might not be doing something safe, but you figure that you’re only going to be online for fifteen minutes, so you’re probably okay, right?

hacker

How Safe Are WiFi Hotspots?

Many of us assume that using a WiFi network at a hotel or airport is the same as logging into our network at home or at the office. But the risks of using WiFi networks at a hotel or airport are exponentially greater than those experienced at home or in an enterprise setting.

For example, while sharing folders, printers, desktops, and other services can be useful at home or in the office, doing so is inappropriate on a public network, where competitors or hackers can access this information.

Most private networks use firewalls to defend users against Internet-based attacks. This is not necessarily true in public wireless networks, where security practices vary widely. You may assume you are safe from outside attacks, but you really have no idea whether any firewall lies between your laptop data and the Internet.

Business travelers willing to connect to any network that offers free Internet access are especially vulnerable to such attacks. It is literally impossible to tell the safe networks from the bad ones. Wireless eavesdropping is possible everywhere. Only a small percentage of public networks prevent wireless eavesdropping, and many networks leave wifi users completely responsible for their laptop security, with extensive or complete file and service exposure.

So What Should I Be Worried About?

Okay, so now you are probably aware that using a public WiFi network while on the road exposes you to a lot of security risks. But what risks are we talking about exactly?

The following is a list of different types of hacks that can occur in public WiFi hotspots:

  • Sniffers: Software sniffers allow eavesdroppers to passively intercept data sent between your web browser and web servers on the Internet. This is the easiest and most basic kind of attack. Any email, web search or file you transfer between computers or open from network locations on an unsecured network can be captured by hackers.  Sniffing software is readily available for free on the web and there are 184 videos on YouTube to show budding hackers how to use them. The only way to protect yourself against WiFi sniffing in most public WiFi hotspots is to use a VPN, such as PRIVATE WiFi™.
  • Sidejacking: Sidejacking is a method where an attacker uses packet sniffing to steal a session cookie from a website you just visited. These cookies often contain usernames and passwords, and are generally sent back to you unencrypted, even if the original log-in was protected via HTTPS. Anyone listening can steal this log-in information and then use it to break into your Facebook or Gmail account. This made news in late 2010 because a programmer released a program called Firesheep that allows intruders sitting near you on a public WiFi network to take over your Facebook session, gain access to all of your sensitive data and send viral messages and wall posts to all of your friends.
  • Evil Twin/Honeypot Attack: This is a rogue WiFi access point that appears to be a legitimate one, but actually has been set up by a hacker to eavesdrop on wireless communications. An evil twin is the wireless version of the “phishing” scam: an attacker fools wireless users into connecting a laptop or mobile phone to a tainted hotspot by posing as a legitimate provider. When a victim connects, the hacker can launch man-in-the-middle attacks, listening in on all Internet traffic, or just ask for credit card information in the standard pay-for-access deal. Tools for setting this up are easily available (e.g., Karma and Hotspotter). One recent study found that over 56% of laptops were broadcasting the name of their trusted WiFi networks, and that 34% of them were willing to connect to highly insecure WiFi networks.
  • ARP Spoofing: Address Resolution Protocol (ARP) spoofing, also known as ARP flooding, ARP poisoning or ARP Poison Routing (APR), is a technique used to attack a wireless network. ARP spoofing allows an attacker to sniff traffic on a LAN and modify or stop the traffic altogether. This attack can only occur on networks that make use of ARP and not another method of address resolution. ARP spoofing sends fake, or "spoofed", ARP messages to a LAN which associates the attacker's MAC address with the IP address of the victim. Any traffic meant for the victim’s IP address is mistakenly sent to the attacker instead. The attacker could then forward the traffic to the actual default gateway (passive sniffing) or modify the data before forwarding it (man-in-the-middle attack). The attacker could also launch a denial-of-service attack against a victim by associating a nonexistent MAC address to the IP address of the victim. A successful APR attempt is invisible to the user.
  • “Free Public WiFi” Rogue Networks: “Free Public WiFi” networks are ad-hoc networks advertising “free” Internet connectivity. Once you connect to a viral network, all of your shared folders are accessible to every other laptop connected to the networks. A hacker can then easily access confidential data on your hard drive. These viral networks can be used as bait by an Evil Twin. “Free Public WiFi” networks turn up in many airports. Don’t connect to these networks and you won’t infect your laptop. If you find this kind of network on your laptop, delete it and reconfigure your adapter to avoid auto-connecting to any wireless network.
  • Man-in-the-middle Attacks: Any device that lies between you and a server can execute man-in-the-middle attacks, which intercept and modify data exchanged between two systems. To you, the man-in-the-middle appears to be a legitimate server, and to the server, the man-in-the-middle appears to be a legitimate client. In a wireless LAN, these attacks can be launched by an Evil Twin.

You Should Know What You Are Agreeing To

Remember those Terms and Conditions that you agreed to and didn’t read? Well, we’ve actually read them, and here is what some of them say:

  • Starbucks: It is the Customer’s responsibility to ensure the security of its network and the machines that connect to and use IP Service(s).
  • Boingo Wireless: There are security, privacy and confidentiality risks inherent in wireless communications and technology and Boingo does not make any assurances or warranties relating to such risks. If you have concerns you should not use the Boingo software or service. We cannot guarantee that your use of the wireless services through Boingo, including the content or communications to or from you, will not be viewed by unauthorized third parties.
  • JetBlue: Wireless internet connections such as that provided through the Service are not secure. Communications may be intercepted by others and your equipment may be subject to surveillance and/or damage. Since the wireless connection providing you with access uses radio signals, you should have no expectation of privacy whatsoever when using the service. Accordingly, in providing this service, JetBlue cannot and does not promise any privacy protection when you use the service. It is your sole responsibility to install and deploy technological tools to protect your communications and equipment that may be compromised by use of a wireless network.”

For additional examples of Terms and Conditions from hotspot providers, visit the ‘read the fine print’ section of our website.

So How Can I Protect My Laptop?

Okay, so now you know how dangerous wireless networks can be, and the various kinds of attacks you may face when using them. So what specifically can you do to protect yourself and your data?

Below are some proactive steps you can take to protect yourself when using such networks, and services you can use that provide laptop security.

  • Disable or block file sharing
  • Enable a Windows Firewall or install a third party personal firewall
  • Use file encryption
  • Most importantly, use a VPN

The one thing that they all have in common is that it is your responsibility to protect yourself. The best way to protect your sensitive information is to use a Virtual Private Network, or VPN, which encrypts the data moving to and from your laptop. The encryption protects all your Internet communication from being intercepted by others in wifi hotspots. In addition, VPNs can prevent hackers from connecting to your laptop and stealing your data files.

Most large companies have a company-support VPN to protect corporate communications. PRIVATE WiFi provides the same capability for individuals, business travelers, and small and medium-sized enterprises. Please visit our website for details.

Associated Topics:

Associated Topics:

Comments

Related Posts

Cyber Security Training Just As Important at C-Level

Thought Leadership
Eva Velasquez | Mar 24th, 2015

The need for better online safety training to prevent data breaches is a hot topic right now. Coupled with stronger computer and network policies, companies want to prevent the hacking events that leave businesses susceptible to a data breach. While it’s no secret that employees in both the private sector and government service can unintentionally expose organizations to hackers, what is surprising is a report by Wombat Security that shows that 33% of CEOs fell for phishing attacks that led to network access. Why are they falling for this kind of internet activity? Read More

E-filing: The Fastest and Safest Way to File Taxes?

Thought Leadership
Eva Velasquez | Mar 9th, 2015

E-filing your annual return to the IRS offers speed and convenience and when coupled with industry-approved software that can plug in the values for you, a lot of the headaches traditionally associated with doing your taxes are eliminated. However, there are some potential dangers that you should be aware of, such as insecure public WiFi networks and online tax fraud. Read More

FTC Says Hotel WiFi is Dangerous

Thought Leadership
Kent Lawson | Feb 23rd, 2015

Recently, the FTC posted an article on their website stating that hotel WiFi is dangerous and that users should not assume that just because they pay for Internet access that their connection is secure.

We couldn’t agree more. In fact, I have been stating this fact since we launched PRIVATE WiFi nearly five years ago.  This is an important topic because hotel traveler’s rank WiFi access at hotels as the number one amenity that they look for when booking hotel rooms. Read More

How Are You Celebrating Safer Internet Day 2015?

News & Features
Jared Howe | Feb 9th, 2015

Safer Internet Day (SID), which falls on February 10th this year, helps promote safe and more responsible use of technology and mobile phones, especially for young children and teenagers.  This day of awareness and education gets more important every year because, for better or worse, the Internet is a part of our everyday lives.

Read on to get more involved. Read More

X

Thank you for subscribing to our newsletters

Your email has been added to our system. You will be e-mailed shortly with a request to confirm your membership. Please make sure to click the link in that message to confirm your subscription.