It's Everywhere
Point of Sale attacks ● The free WiFi is connected to the same DSL or cable service as the PoS computers. ● Depending on whether this free WiFi is protected, the attacker can sit in the car while doing this. ● If it is protected and can't be broken into, the attacker could buy a cup of coffee, rent a room, or do whatever it would take to get onto the network.
PoS prevention ● Larger companies and chains can afford to pay for an extra business DSL service and have more than one internet circuit. ● Smaller companies can use a hotspot gateway, which includes a firewall to block access to the PoS, to protect their PoS computers from the WiFi hotspot service. ● If theft of credit card information from a business is proven, the merchant is liable for fines and suspension from merchant card services.
Fake APs ● You might think you are connected to the free WiFi, but you are actually on an ad hoc, peer-to-peer network. ● When you are connected to the attack PC on a peer-to-peer level and file sharing is turned on, the attacker has free rein over your computer. ● An in-depth survey of the ad hoc networks at Chicago's O'Hare found 20 ad hoc networks, 80% of which were broadcasting free WiFi.
Fake AP prevention ● Never connect to an unknown ad hoc network
Fake AP prevention Cont. ● Rather interestingly, Windows Vista is worse about preventing connections to a fake AP. In the list of available networks, you can only click the properties tab on networks you have already connected to.
Sniffing! ● Once anyone is on that WiFi network it becomes rather trivial to "sniff" out information flying around on that network ● This can be done passively where the person just sits drinking their coffee and capturing gigabytes of network traffic to be looked at offline somewhere else. ● Lots of applications send your account and passwords in clear text.
More Sniffing! ● Since a lot of s are sent in clear text and instant messaging is sent in HTML, it's very simple to take all the collected data and sift through it to find important information. ● All the HTML data can give away the websites that the user was surfing as well.
Other Considerations ● Hackers can steal passwords, personal info and credentials off your smartphone just as they would off a laptop. ● Using a man-in-the-middle attack, the data coming from the phone can be re-routed to the attacker's laptop, where tools such as Arpspoof and SSLStrip help break SSL encryption in mobile browsers.
Freeware! ● Allows somebody with very little knowledge of computers to pick up these illegal activities. ● Programs such as Cain and Abel, Aircrack-ng, Arpspoof, SSLStrip and NetStumbler are all free applications that can assist an attacker. ● As we all know, the BackTrack operating system is very useful.
How can you be safe using WiFi ● Use a third-party VPN product such as HotSpot Shield or HotSpot VPN. ● Always select the most secure network that is available to you, and make sure to set it as a public network rather than clicking the home network. ● Sensitive data should be hidden and file sharing should always be off. ● Many websites use and support HTTPS, so use it. ● Make sure the firewall is on and the computer is up to date.
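The man-in-the-middle re-routing described on the "Other Considerations" slide leaves traces in a client's ARP cache, and the following added example (not part of the original slides) checks two cache snapshots for them. It assumes text in the Linux /proc/net/arp layout; the function names and all sample addresses are constructed for illustration.

```python
# Added example: flag ARP-cache signs of traffic being re-routed on shared WiFi.
# Input is text in the Linux /proc/net/arp layout; the sample data is constructed.
from collections import defaultdict

def parse_arp_table(text):
    """Return {ip: mac} for complete entries in /proc/net/arp-style text."""
    entries = {}
    for line in text.strip().splitlines()[1:]:       # skip the header row
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], fields[2], fields[3].lower()
        if int(flags, 16) & 0x2 == 0 or mac == "00:00:00:00:00:00":
            continue                                  # incomplete entry, no MAC learned
        entries[ip] = mac
    return entries

def find_arp_anomalies(before, after, gateway_ip):
    """Compare two ARP snapshots and return a list of warning strings."""
    warnings = []
    old, new = parse_arp_table(before), parse_arp_table(after)
    # 1. The gateway's MAC changed: traffic may now pass through another host.
    if gateway_ip in old and gateway_ip in new and old[gateway_ip] != new[gateway_ip]:
        warnings.append(
            f"gateway {gateway_ip} moved from {old[gateway_ip]} to {new[gateway_ip]}")
    # 2. One MAC answers for several IPs in the newer snapshot.
    by_mac = defaultdict(list)
    for ip, mac in new.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            warnings.append(f"{mac} claims multiple IPs: {', '.join(sorted(ips))}")
    return warnings

HEADER = "IP address       HW type     Flags       HW address            Mask     Device\n"
SAMPLE_BEFORE = HEADER + (            # constructed: normal cache
    "192.168.1.1      0x1         0x2         00:11:22:33:44:01     *        wlan0\n"
    "192.168.1.23     0x1         0x2         00:11:22:33:44:17     *        wlan0\n"
    "192.168.1.40     0x1         0x0         00:00:00:00:00:00     *        wlan0\n")
SAMPLE_AFTER = HEADER + (             # constructed: gateway now maps to .23's MAC
    "192.168.1.1      0x1         0x2         00:11:22:33:44:17     *        wlan0\n"
    "192.168.1.23     0x1         0x2         00:11:22:33:44:17     *        wlan0\n")

if __name__ == "__main__":
    for warning in find_arp_anomalies(SAMPLE_BEFORE, SAMPLE_AFTER, "192.168.1.1"):
        print("WARNING:", warning)
```

A warning is a reason to disconnect and investigate, not proof of an attack: a router that holds several addresses on one interface also produces the second finding.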
A safer hotspot.