Free Wi-Fi scams found at Airport hotspots

cy

Flashaholic
Joined
Dec 20, 2003
Messages
8,186
Location
USA
Don't fall victim to the 'Free Wi-Fi' scam
Those wireless connections could be a trap

The next time you're at an airport looking for a wireless hot spot, and you see one called "Free Wi-Fi" or a similar name, beware -- you may end up being victimized by the latest hot-spot scam hitting airports across the country.

You could end up being the target of a "man in the middle" attack, in which a hacker is able to steal the information you send over the Internet, including usernames and passwords. And you could also have your files and identity stolen, end up with a spyware-infested PC and have your PC turned into a spam-spewing zombie. The attack could even leave your laptop open to hackers every time you turn it on, by allowing anyone to connect to it without your knowledge.

If you're a Windows Vista user, you're especially susceptible to this attack because of the difficulty in identifying it when using Vista. In this article, you'll learn how the attack works and how to keep yourself safe from it if you use Windows XP or Vista.

How the attack works

First, let's take a look at how the attack works. You go to an airport or other hot spot and fire up your PC, hoping to find a free hot spot. You see one that calls itself "Free Wi-Fi" or a similar name. You connect. Bingo -- you've been had!

The problem is that it's not really a hot spot. Instead, it's an ad hoc, peer-to-peer network, possibly set up as a trap by someone with a laptop nearby. You can use the Internet, because the attacker has set up his PC to let you browse the Internet via his connection. But because you're using his connection, all your traffic goes through his PC, so he can see everything you do online, including all the usernames and passwords you enter for financial and other Web sites.

http://www.computerworld.com/action...ewArticleBasic&articleId=9008399&pageNumber=1
 
Thanks for the warning! As a rule of thumb, I never do email or internet transactions unless I know that my connection is 100% secure (or at least close to 100%).


WP
 
how do they deal with ssl protected email and web sites? Seems to me that if you signed on to your bank or paypal via https or used an ssl connection for pop/imap (which I do) then they wouldn't be able to read your passwords or anything else.

Course, I have no idea what they could to poor windows being on the same subnet with you. Probably quite a bit.

One must ALWAYS assume that your internet traffic is getting logged somewhere along the way. If you're not using an httpS connection and an ssl email connection then you're eventually going to get logged.
 
There's more than identity theft there, I bet that counts as an interception of electronic communications equivalent to an illegal wiretap under Title III. Yes though, it's best to use a VPN whenever you use some random wifi hot spot including "legitimate" ones. It's due to some unfortunate history that we don't use encryption for just about everything.

If you use gmail you can read your email through SSL, but not so of hotmail or yahoo mail, and most people don't know about the possibility for gmail. All these services (plus paypal etc.) encrypt passwords but most webmail services don't encrypt the actual message text. Given the amount of business travellers using wifi at airports, I bet that intercepting piles of message text from webmail at airports can have considerable commercial value from an industrial espionage point of view.
 
Last edited:
And some web sites send the login ID and password (or cookies) in the clear before a secure link is fully established.

-Bill
 

Latest posts

Top