- This topic has 7 replies, 5 voices, and was last updated 11 years, 9 months ago by .
-
Posts
-
LONDON, England (CNN) — You’re sitting in an airport lounge and seize the chance to check your e-mails before your flight departs. You log on and are tempted by a wireless Internet provider offering free Internet access. So, do you take it?
Security experts warn that hackers may be masquerading as free public Wi-Fi providers to gain access to the laptops of unsuspecting travelers.
All it takes, they say, is a computer program downloaded from the Internet, an open access point and a user who has ignored basic security advice.
“The difficulty for travelers is differentiating between a good Internet access hotspot and a rogue, or somebody trying to actually glean credentials from you. The issue is that you don’t necessarily know the difference between a good and a bad one,” computer security expert Sean Remnant told CNN.
In 2008, AirTight Networks dispatched a number of so-called “white hat” hackers to 27 airports around the world to test the vulnerability of their Wi-Fi systems. They found that 80 percent of the private Wi-Fi networks tested were open or poorly protected.
The wireless security company also found that basic services at several airports, including baggage handling systems, were vulnerable to hackers. Operators were using Wired Equivalent Privacy, known as WEP, which was found to provide inadequate protection to hackers as early as 2001.
One year after the survey was conducted, CNN Business Traveler met Remnant at London’s Heathrow airport, which was not included in the original survey, to test the potential dangers to unprotected Wi-Fi users.
Armed with a laptop, our “white hat” hacker took a seat in the crowded departure lounge at Terminal 3 and proceeded to scan the airwaves with his laptop, using a program he downloaded form the Internet called Airodump.
“It dumps everything in the air,” Remnant explained. “So if I execute the command to start Airodump, instantly I’m seeing probably 20 wireless networks with four or five of those having relatively weak server security.”
“There are several risks just on this screen,” he continued. “One is that we actually don’t know whether the public networks are legitimate or not.” The original survey conducted by AirTight Networks found the most common name for rogue Wi-Fi points was “Free Public Wi-Fi.”
“You’d have no idea if somebody sitting down to a laptop was a casual traveler trying to collect their email from an open port, or actually they were setting up a rogue access point,” Remnant said.
“Your security guys in the airport aren’t going to spot someone doing this because it’s a technical thing,” he added. Once connected, the hacker would have access to everything on your screen, from passwords, to bank account details, to the contents of e-mails.
And it’s not just happening at airports. The rapid spread of Wi-Fi networks to cafes, hotels and even entire cities is providing hackers with more opportunities to ply their trade.
Last month, Venice rolled out what is believed to be Europe’s most extensive Wi-Fi network. According to mobile media company Jiwire, there are now more than 273,000 free and pay Wi-Fi locations in 140 countries. The majority can be found in the United States, China, the United Kingdom and France. And most hotspots are located in hotels, along with cafes and restaurants.
However, the Wi-Fi Alliance, an industry group that tests and certifies Wi-Fi equipment, says the increased availability of Wi-Fi has not led to a rise in hacking cases.
“We certainly haven’t seen any kind of sudden epidemic of hackers in open hotspots or anything like that,” said the group’s marketing director, Kelly Davis-Felner.
She said all Wi-Fi enabled devices have in-built security measures, and all users need to do is to switch them on. The most up-to-date wireless security system is WPA2, which provides greater protection than its predecessors WPA and WEP.
“If you’re updating Facebook, or checking your personal e-mail or surfing the Web, there’s really no reason at all to worry about using an open network,” Davis-Felner said. “Any kind of online shopping or banking or anything that would require you to exchange sensitive data over the airwaves, then we advise people to exercise caution.”
The best way to protect sensitive information is to use a Virtual Private Network, or VPN, which encrypts the data moving to and from your laptop.
Kiran Deshpande, president of AirTight Networks, had this advice for travelers: “Connect only to the networks that you trust. Make sure that your communication is secure, disconnect the wireless when you stop using it, and maintain the list of wireless connections that you use on your laptop so that you don’t accidentally connect to networks that may spring up when you’re traveling.”
BUMP™
you can crack wpa using amazon’s webservices
wep takes under 5 minutes to crack
if a hacker knows what he is doing he can get in anyway.
WPA I don’t know, but the only way to crack WPA2 is brute-force it. So unless you’re stupid enough to have a password that would be in such a dictionary attack, you’re basically safe.
jbaldy, careful wat you say cause the FBI can ‘crack’ you…
@The Chassidishe Gatesheader using amazons webservices will give u enough power to do it for sure with a password of 7 letters or less – this was done 2 years ago already i believe and isnt all that complicated to do. i havent seen any updates but i am sure that by now u would be able to do longer passwords.
Am I wrong to assume that if you set up your wi-fi device with a Virtual Private Network (VPN) “app” & change your settings to use it, that you are safe?
@Kosherham it is safer but if i wanted to i could tunnel in there the same way i could into any network. nothing is fully “safe”.
- You must be logged in to reply to this topic.