Airport Snooping

I’ve always wondered why ill-intentioned hackers don’t set up fake free WiFi hotspots in public places like airports to collect passwords and other personal information. As it turns out, they do:

Authentium did an in-depth survey of the ad hoc networks found at O’Hare, visiting on three different occasions. It found more than 20 ad hoc networks each time, with 80% of them advertising free Wi-Fi access. The company also found that many of the networks were displaying fake or misleading MAC addresses, a clear sign that they were bent on mischief.

The Computerworld article focuses on the dangers of associating with ad-hoc (peer-to-peer) wireless networks and provides a number of tips for Windows users to avoid unintentionally connecting to an ad-hoc network.

It seems to me just a matter of time, though, before malicious agents set up “real” (infrastructure-mode) access points in public places to collect such data. In fact, based on the airport study above, I would be shocked if it weren’t already happening. Numerous trivial variations could be very difficult for the average user to detect: for example, someone could set up a WiFi access point advertising itself as a T-Mobile HotSpot, and copy the T-Mobile web interface. If they wanted to be especially crafty, they could sit outside a Starbucks (or other known T-Mobile HotSpot) and simply use a different channel than the existing hotspot. Even a sophisticated user might have trouble telling the difference.
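To make the warning signs above concrete, here is a small triage script over Wi-Fi scan results. It is an added example, not code from the Computerworld article or the Authentium survey. The scan records, field names, and the two MAC heuristics (locally administered bit, odd vendor prefix among same-named access points) are assumptions chosen for illustration; they are hints for a closer look, not proof of a rogue network.

```python
from collections import defaultdict

# Constructed sample scan results (not real observations).
SAMPLE_SCAN = [
    {"ssid": "Free Public WiFi", "bssid": "02:1a:2b:3c:4d:5e", "mode": "adhoc", "channel": 6},
    {"ssid": "tmobile", "bssid": "00:11:22:aa:bb:01", "mode": "infra", "channel": 1},
    {"ssid": "tmobile", "bssid": "00:11:22:aa:bb:02", "mode": "infra", "channel": 11},
    {"ssid": "tmobile", "bssid": "a6:de:ad:be:ef:10", "mode": "infra", "channel": 6},
    {"ssid": "AirportStaff", "bssid": "00:33:44:55:66:77", "mode": "infra", "channel": 1},
]

def locally_administered(bssid):
    """True when the locally administered bit (0x02 of the first octet) is set,
    meaning the address was assigned in software rather than by the vendor."""
    return bool(int(bssid.split(":")[0], 16) & 0x02)

def oui(bssid):
    """Vendor prefix: the first three octets of the MAC address."""
    return bssid.lower()[:8]

def triage(scan):
    """Return {bssid: [reasons]} for networks that deserve a second look."""
    by_ssid = defaultdict(list)
    for net in scan:
        by_ssid[net["ssid"]].append(net)
    findings = defaultdict(list)
    for net in scan:
        if net["mode"] == "adhoc":
            findings[net["bssid"]].append("ad hoc (peer-to-peer) network")
        if locally_administered(net["bssid"]):
            findings[net["bssid"]].append("locally administered MAC")
    for ssid, nets in by_ssid.items():
        ouis = [oui(n["bssid"]) for n in nets]
        for n in nets:
            # With three or more same-named APs, a vendor prefix that appears
            # only once suggests that AP belongs to a different owner.
            if len(nets) > 2 and ouis.count(oui(n["bssid"])) == 1:
                findings[n["bssid"]].append(f"OUI differs from other '{ssid}' APs")
    return dict(findings)

if __name__ == "__main__":
    for bssid, reasons in triage(SAMPLE_SCAN).items():
        print(bssid, "->", "; ".join(reasons))
```

Note that the channel alone is not used as a signal: legitimate hotspots routinely run several access points on different channels, which is exactly why the different-channel copy described above is hard to spot.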

The lesson is that you need to expect that all network traffic is insecure if not encrypted and signed at both ends. Although even in that case there are possible man-in-the-middle attacks, at least we have a cryptographic certificate/certificate authority infrastructure to mitigate the risk. (That sort of attack is also a bit more difficult to pull off, thus perhaps deterring the simplest “script-kiddie” type attackers.)