We all use Wi-Fi hotspots — they make shopping, working, checking emails and just about everything else easier. But how much more of a risk is it to escape the kids and open up the laptop at the local coffee shop? Probability says it is safe but mobile users should arm themselves in case it is not.
First of all, any area where free Wi-Fi is offered is more of a target than a residence (unless the target is a high-profile individual, as you might be specifically attacked). If I am a low-level hacker I am looking for the easiest exploit. Your basic script kiddie is trying to sniff your passwords or trying to grab some credit card info. If I am an advanced hacker my skills will most likely be used to target a CEO or famous celebrity, although their venue differs, many of the same tools would be employed.
Most users of Wi-Fi employ default settings which can lead to an association with an unencrypted access point or Ad-Hoc SSID. Automatic association to an open SSID could connect to a rogue access point (AP). Ad Hoc networks with names like "FreeWiFi" that are open are almost definitely rogues. Hotspots are generally OPEN and therefore not encrypted. This leaves the mobile user susceptible to eavesdropping (a.k.a. snooping).
A rogue AP is most likely a honeypot. This honeypot collects your packets for as long as it can before you get frustrated and try to connect to another Wi-Fi connection. This attack can be perpetrated by the hacker broadcasting an SSID that is mistaken as the legitimate SSID (perhaps by changing case or adding a hyphen). The unknowing user then voluntarily connects to the AP.
Once connected, the hacker can do many things. The unsuspecting user could then be redirected to a Web page that asks him to create a login with email and password. The hacker now has an identity and a password that the user probably employs on many sites, maybe even for the email he just shared. Therefore, always use insignificant passwords for transient accounts.
Another method that an attacker can use to compromise a hotspot user is the employ an evil twin attack. The evil twin is a variant of the man-in-the-middle (MITM) attack. Whereas an MITM compromises the user's confidentiality and subsequantly hijacks a connection, the evil twin first employs narrowband jamming that will coax the victim to roam to the evil twin presenting the same SSID. The victim associates and further exploits are now attempted by the hacker.
I have mentioned just a few of the wireless attacks that exist, but there are certainly more that users should be aware of.
So what can the mobile users of 2015 do to protect themselves?
- Harden your mobile device's OS
- Harden wireless settings and make profiles deterministic
- disable ad hoc connections and disallow automatically connecting to wireless networks
- Use a personal firewall and antivirus software
- update them both frequently
- Keep updates and patches current for OS and apps
- Use a VPN with strong encryption
- This will protect your traffic but does not protect 802.11 info in the headers of wireless packets
- Use two-factor authentication whenever available online
- Check for sites that offer two-factor authentication
- Use HTTPs whenever possible
- Look for the lock favicon to verify
- Even though your HTTPs connection (SSL) is generally regarded as safe, there are attack methods developing every day.
As always, a layered security approach offers you the best protection. The more of the recommended measures that you employ and the more frequently you audit your security, the less risk you will be exposed to.
The graphic below illustrates many Wi-Fi attacks and which part of the CIA triad they exploit.
This article is published as part of the IDG Contributor Network. Want to Join?