ESET Tech Tip
By Cameron Camp, Researcher for ESET North America
Free Wi-Fi: Price? All your personal information
Sitting in an airport you rarely frequent, you grab your laptop and snap out a couple e-mails to send, and look—there’s a free Wi-Fi hotspot. Bang, you connect, send and are off on your way. What you don’t know is that the free Wi-Fi may come with a price: your login credentials and network traffic can be sniffed and captured before being sent along to the real Wi-Fi hotspot, so your information is stolen en route, undetected.
The unsuspecting business traveler or coffee shop hound will use Wi-Fi wherever they find themselves. Usually the establishments they frequent will have a Wi-Fi hotspot for customers. Airports often have free Wi-Fi for travelers, supported by the business community, which may have a splash page with ads when a user logs on to offset the cost of providing the service. Usually these types of services are clearly posted in some conspicuous location, with clear instructions for use. Many times (though not all), “official” hotspots will be secured using some kind of authentication, so you may have to enter a passphrase to log on, which is a “good thing”—meaning the communication is more secure.
What should raise the flag of awareness is a hotspot with a name that you don’t recognize, or one whose SSID (name) is very similar to the official one, maybe one character off. Be especially aware of “unsecured” hotspots, ones where you don’t need to enter a password to gain access. Most of the time, scammers will create an unsecured Wi-Fi hotspot for their shenanigans using common laptop hardware and a couple crafty applications; it normally won’t require a passphrase, making it “easier” to use for unsuspecting travelers.
The magic happens through a proxy technology, which intercepts your Wi-Fi communication, captures and stores a copy locally on the scammer’s laptop, then sends your information on to a “real” Wi-Fi hotspot. This will slow down your traffic a little, but with congested networks, it’s hard to tell if your traffic’s being snooped or there are just many users logging on at the same time to a “real” hotspot.
If you want to log on to check bank balances, buy something for your wife or catch up on e-mail, your computer sends the login information across the network. This is the goldmine scammers look for. Normally, if you log on to a bank website, you’ll see the bank address beginning with “https” rather than “http”; this means the traffic is encrypted, which is far better than unencrypted http traffic. But if scammers capture the encrypted credentials, they can still run a program later that will try many combinations in an attempt to decrypt your encrypted credentials. If they have the information, they have all the time in the world to work on decrypting it, so you may notice fraudulent account activity days or weeks later, long after you’ve left the coffee shop or airport. If the login information you send is unencrypted to begin with, like typing username/password on a normal “http” site, it makes the task all that much easier. Remember, scammers are lazy and will try for the lowest hanging fruit first. It’s the old analogy that thieves want to steal a car, not necessarily your car, so they’ll steal the easiest one they can get, the one that looks like it’ll generate the most profit for them.
Sometimes you have to do banking and other more secure transactions on the road. If you can manage to wait until you can get to a network you know and trust (like home/work), you can have a little more peace of mind. If, however, you’re a road warrior or just need your morning latte, spend an extra couple seconds verifying that you’re logging on to the network you are expecting to, not a fake.
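The warning signs described above (a name one character off from the posted one, and a hotspot that needs no passphrase) can be checked mechanically against the list of networks your device sees. The following is an added example, not part of the original tip; the Network type, the function names and the scan list are hypothetical and constructed for illustration.

```python
from typing import NamedTuple

class Network(NamedTuple):   # hypothetical record for one visible hotspot
    ssid: str
    secured: bool            # True if a passphrase is required to join

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def assess(net: Network, posted_ssid: str, posted_secured: bool) -> list[str]:
    """Return the warning signs for one scanned network (empty list = none)."""
    reasons = []
    if net.ssid != posted_ssid:
        # Compare case-insensitively and ignore padding, so "wifi" vs "WiFi"
        # or a trailing space also counts as "one character off".
        d = edit_distance(net.ssid.strip().casefold(),
                          posted_ssid.strip().casefold())
        if d <= 1:
            reasons.append("look-alike of posted name")
    elif posted_secured and not net.secured:
        # Same name as the posted hotspot, but the passphrase step is missing.
        reasons.append("posted name but no passphrase required")
    if not net.secured:
        reasons.append("unsecured")
    return reasons

# Constructed scan results for illustration; not captured from a real site.
SCAN = [
    Network("Airport_Free_WiFi", True),
    Network("Airport_Free_WiFl", False),
    Network("Airport_Free_WiFi", False),
    Network("airport_free_wifi ", True),
    Network("CoffeeCorner", False),
]

def review(scan, posted_ssid, posted_secured):
    """Assess every network against the details posted by the establishment."""
    return [(n.ssid, assess(n, posted_ssid, posted_secured)) for n in scan]

if __name__ == "__main__":
    for ssid, reasons in review(SCAN, "Airport_Free_WiFi", True):
        print(f"{ssid!r:24} {', '.join(reasons) or 'matches the posted details'}")
```

An empty result means only that none of the signs named above are present; it is a reason to proceed with the usual care, not proof that the hotspot is the official one.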
For questions about security or suggestions of topics you would like to see here, please email me at AskESET@eset.com.