Beware the Airport Wireless
schwit1 writes to tell us that a recent study by a Silicon Valley-based security company shows that black-hats have been ramping up their use of tempting free or unsecured wireless access points in high travel areas like airports and hotels. "According to their study, even the 'secure' networks weren't all too safe. Eighty percent of the private Wi-Fi networks at airports surveyed by Airtight were secured by the aging Wired Equivalent Privacy (WEP) protocol, which was cracked back in 2001. Almost as many — 77 percent — of the networks they surveyed were actually private, peer-to-peer networks, meaning they weren't official hotspots. Instead, they were running off someone else's computer."
Old (Score:5, Informative)
Isn't this quite an old story? Already years ago I read that people have been setting up their own hotspots near crowded places, and it works well because if you get a better signal than the official hotspot the computers usually pick your hotspot first. This was even covered in The Real Hustle [youtube.com] many seasons ago.
And for that matter, you're in an insecure place connecting via some random network. It's just stupid.
Re:Ahh, the old "Free Public WiFi" issue (Score:5, Informative)
Re:relay (Score:1, Informative)
(New Hampshire is the one that touches the ocean. The other one is Vermont, which is the one that touches Canadia.)
Canadia? [urbandictionary.com]
Re:SSL? (Score:3, Informative)
You should read more. There's a book out, "Beautiful Security". There is a chapter devoted to airport wireless. Joe Sixpack doesn't look at the SSL certificate, doesn't even notice the little lock emblem. Even a lot of "sophisticated" people continue doing their banking, rationalizing the absence of the secure symbol. The author of the section has collected TONS of personal details by spoofing a WIFI service at an airport.
Re:they were running off someone else's computer (Score:1, Informative)
A black hat is, however, going to be perfectly happy with leaving the trojan on your PC so that, when you get back home and log into your bank from your "secure" connection, you're pwn3d.
All it would take is a few hours running a properly-configured (2 network interfaces, one to the airport's wireless, one acting as the WAP) laptop doing DNS redirects on common banner-ad hosting sites to run the malicious Javashit, Flash, or even just replace the ads with a .gif/.jpg/ that contains suitably-malformed headers/metadata.
Re:Old (Score:3, Informative)
Your education is your responsibility. It's assumed that if you're installing a wifi router, you will do your homework on how to set it up and read all the included documentation.
The local major DSL provider to me used to provide DSL modem/routers to their customers with built in wireless. The wireless was disabled by default.
When you went through the initial setup, though (had to do it before the router would let you online) it encouraged you - strongly...it would have been hard for a non-techie user to figure out how to avoid it - to enable wireless.
When setting up the encryption, it had four radio button options that looked like this:
O No encryption.
O 64 bit WEP
O 128 bit WEP (recommended)
O WPA-PSK
So the recommended option was something that could be broken into in 15 minutes or so.
About a year ago, they stopped distributing those routers, and started sending out a different type, that comes by default with 128 bit WEP enabled, and with the customer's username/password pre-programmed, so the documentation just says "Your router is preconfigured. Just plug it in, and it will connect and work properly."
Microsoft's web site says if you must use WEP, change your key once a month, so if somebody gets the key, they'll be locked out again. So out of the 43200 minutes in an average month, you'll only be vulnerable for 43185 of them if you follow Microsoft's advice.
Most of the computer stores in my city are still using WEP on their networks. If the customer hires them to set up their network properly, they'll still end up hackable.
Then, on top of that, very few techs even know of the vulnerabilities in WPA. If you use a passphrase that's in a dictionary/wordlist/phraselist somewhere, you can still be broken into, even using WPA. It's a little harder, as it requires a legitimately connected client, which WEP doesn't, but it also doesn't require anywhere near the amount of wireless traffic collection that WEP does.
30 seconds will typically be long enough to collect the data you need, then you can go crack remotely, whereas WEP requires 5-15 minutes' worth of data collection.
The bottom line is, you can't trust the documentation, you can't trust the advice from the "experts," and you can't trust articles you read on the Internet. The only real way to be secure is to ask somebody who knows how to break into these things if they can break into yours. If they can't, you're probably safe.
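An added example, not part of the comment above: a self-audit of a WPA-PSK passphrase along the lines the comment describes. The WPA/WPA2-PSK key is derived deterministically from the passphrase and the SSID (PBKDF2-HMAC-SHA1, 4096 iterations), so a passphrase that appears in any wordlist offers little protection. The wordlist, the 80-bit threshold and the function names are assumptions made for illustration.

```python
import hashlib
import math
import string

# Constructed sample wordlist; a real audit would load a large phrase list.
SAMPLE_WORDLIST = {"password", "letmein123", "airportwifi", "linksys2009"}

CHAR_GROUPS = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def charset_bits(passphrase: str) -> float:
    """Upper bound on entropy, assuming every character was chosen at random."""
    pool = sum(len(g) for g in CHAR_GROUPS if any(c in g for c in passphrase))
    return len(passphrase) * math.log2(pool) if pool else 0.0


def audit_passphrase(passphrase, wordlist=SAMPLE_WORDLIST, min_bits=80.0):
    """Return a list of findings; an empty list means no check failed."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("length outside the 8-63 characters WPA-PSK allows")
    if passphrase.lower() in wordlist:
        findings.append("present in a wordlist")
    if charset_bits(passphrase) < min_bits:  # threshold is an assumption
        findings.append("below the entropy threshold")
    return findings


if __name__ == "__main__":
    for candidate in ("password", "Vx7#qLp2!mZr9@Tk"):
        print(candidate, "->", audit_passphrase(candidate) or "no findings")
    # Same passphrase, different SSID: the SSID salt changes the derived key.
    print(wpa_pmk("password", "IEEE").hex())
    print(wpa_pmk("password", "HomeNet").hex())
```

The character-pool estimate is only an upper bound: a phrase built from real words scores well on it yet may still sit in a phrase list, which is why the wordlist check runs separately.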