Hackers hijacking free Wi-Fi, especially at airports

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.salisburypost.com/article/20131126/SP01/131129767/

Everywhere you look these days, you see people using their electronic
gadgets: smartphones, tablets, gaming systems and e-readers. Most of these
gadgets require Wi-Fi to access the Internet or the gadget itself is a
Wi-Fi hotspot. Many airports and other public spaces offer Wi-Fi for the
public to log onto the Internet from their laptop computers.

“Hackers are now taking advantage of travelers who want to stay connected,”
said BBB President Tom Bartholomy. “They are setting up fake Wi-Fi
connections designed to steal your personal information without you even
knowing it.”


How it works:

Although hackers have set up fake Wi-Fi connections in many locations,
airports are a favorite hot spot. When searching for connections, consumers
may see a network connection available that could be simply named “Free
Wi-Fi.”

Unfortunately, the network may actually be an ad-hoc network, or a
peer-to-peer connection. The user will be able to surf the Internet, but
they are doing it through the hacker’s computer.

“While the user is online, the hacker is stealing information like
passwords, credit card and bank account numbers, and social security
numbers from the user’s laptop computers,” said Bartholomy. “Airports
across the nation continue to report Wi-Fi security issues.”

The BBB offers the following advice for travelers using Wi-Fi Hot Spots:

• Connect securely. Never connect to an unfamiliar wireless network — even
if the name sounds genuine. A hacker can change the name of his network to
anything he wants, including the name of the legitimate Internet connection
offered by the airport.

• Disable automatic connections. Make sure that your computer is not set up
to automatically connect to any wireless networks within your range.
Otherwise, your computer could automatically connect to the hacker’s
network without your knowledge.

• Turn off file sharing when you are on the road to prevent hackers from
stealing sensitive data from your computer.•Turn off the Wi-Fi hotspot on
your device so others cannot sign onto your network.

• Create a Virtual Private Network (VPN). A VPN establishes a private
network across the public network which prevents a hacker from intercepting
your data. If your mobile device has a Wi-Fi hotspot feature, you
definitely need a VPN to prevent other people from accessing the Internet
via your mobile device.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

# OWASP http://www.appsecusa.org
# Builders, Breakers and Defenders
# Time Square, NYC 20-21 Nov
o()xxxx[{::::::::::::::::::::::::::::::::::::::::>

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.